diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md
index f6f48f6401..5f69165c08 100644
--- a/devices/surface-hub/create-a-device-account-using-office-365.md
+++ b/devices/surface-hub/create-a-device-account-using-office-365.md
@@ -177,8 +177,8 @@ Now that you're connected to the online services, you can finish setting up the
4. Various Exchange properties can be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
``` syntax
- Set-CalendarProcessing -Identity $acctUpn -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
- Set-CalendarProcessing -Identity $acctUpn -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
+ Set-CalendarProcessing -Identity $strEmail -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
+ Set-CalendarProcessing -Identity $strEmail -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
```
@@ -211,7 +211,7 @@ In order to enable Skype for Business, your environment will need to meet the fo
2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
```PowerShell
- Enable-CsMeetingRoom -Identity $rm -RegistrarPool
+ Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool
"sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress
```
@@ -325,8 +325,8 @@ Now that you're connected to the online services, you can finish setting up the
4. Various Exchange properties can be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
``` syntax
- Set-CalendarProcessing -Identity $acctUpn -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
- Set-CalendarProcessing -Identity $acctUpn -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
+ Set-CalendarProcessing -Identity $strEmail -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
+ Set-CalendarProcessing -Identity $strEmail -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
```
5. Now we have to set some properties in AD. To do that, you need the alias of the account (this is the part of the UPN that becomes before the “@”).
@@ -369,7 +369,7 @@ In order to enable Skype for Business, your environment will need to meet the fo
2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
```PowerShell
- Enable-CsMeetingRoom -Identity $rm -RegistrarPool
+ Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool
"sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress
```
diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md
index 2c4fd4b739..1995443537 100644
--- a/education/trial-in-a-box/educator-tib-get-started.md
+++ b/education/trial-in-a-box/educator-tib-get-started.md
@@ -26,8 +26,7 @@ ms.date: 03/18/2018
| [](#edu-task2) | **Interested in significantly improving your students' reading speed and comprehension?[1](#footnote1)** Try the [Learning Tools Immersive Reader](#edu-task2) to see how kids can learn to read faster, using text read aloud, and highlighting words for syntax. |
| [](#edu-task3) | **Looking to foster collaboration, communication, and critical thinking in the classroom?** Launch [Microsoft Teams](#edu-task3) and learn how to set up digital classroom discussions, respond to student questions, and organize class content. |
| [](#edu-task4) | **Trying to expand classroom creativity and interaction between students?** Open [OneNote](#edu-task4) and create an example group project for your class. |
-| [](#edu-task5) | **Curious about telling stories through video?** Try the [Photos app](#edu-task5) to make your own example video. |
-| [](#edu-task6) | **Want to teach kids to further collaborate and problem solve?** Play with [Minecraft: Education Edition](#edu-task6) to see how it can be used as a collaborative and versatile platform across subjects to encourage 21st century skills. |
+| [](#edu-task5) | **Want to teach kids to further collaborate and problem solve?** Play with [Minecraft: Education Edition](#edu-task5) to see how it can be used as a collaborative and versatile platform across subjects to encourage 21st century skills. |
| | |
@@ -139,7 +138,7 @@ When you're not using the pen, just use the magnet to stick it to the left side
-
+
-## 6. Get kids to further collaborate and problem solve
+## 5. Get kids to further collaborate and problem solve
> [!VIDEO https://www.youtube.com/embed/QI_bRNUugog]
diff --git a/education/windows/index.md b/education/windows/index.md
index 80955b020d..3b3fda8446 100644
--- a/education/windows/index.md
+++ b/education/windows/index.md
@@ -21,15 +21,6 @@ ms.date: 10/13/2017
[Windows 10 editions for education customers](windows-editions-for-education-customers.md)
Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: Windows 10 Pro Education and Windows 10 Education. These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.
[Compare each Windows edition](https://www.microsoft.com/en-us/WindowsForBusiness/Compare)
Find out more about the features and functionality we support in each edition of Windows.
[Get Windows 10 Education or Windows 10 Pro Education](https://www.microsoft.com/en-us/education/buy-license/overview-of-how-to-buy/default.aspx?tabshow=schools)
When you've made your decision, find out how to buy Windows for your school.
-How-to videos
-
-
##  Plan
diff --git a/education/windows/switch-to-pro-education.md b/education/windows/switch-to-pro-education.md
index 715350a167..31b94541f8 100644
--- a/education/windows/switch-to-pro-education.md
+++ b/education/windows/switch-to-pro-education.md
@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: high
-author: CelesteDG
-ms.author: celested, MikeBlodge
+author: MikeBlodge
+ms.author: MikeBlodge
ms.date: 10/30/2017
---
diff --git a/windows/client-management/windows-version-search.md b/windows/client-management/windows-version-search.md
index 701cab6076..871658d3ff 100644
--- a/windows/client-management/windows-version-search.md
+++ b/windows/client-management/windows-version-search.md
@@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: MikeBlodge
-ms.author: MikeBlodge, Kaushik Ainapure
+ms.author: MikeBlodge
ms.date: 04/30/2018
---
diff --git a/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md b/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
index 5ab90c23ab..a57aebf1fb 100644
--- a/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
+++ b/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
@@ -9,7 +9,7 @@ ms.pagetype: security
localizationpriority: high
author: brianlic-msft
ms.author: brianlic
-ms.date: 4/10/2018
+ms.date: 4/30/2018
---
@@ -320,7 +320,6 @@ This event sends blocking data about any compatibility blocking entries hit on t
The following fields are available:
- **AppraiserVersion** The version of the appraiser file generating the events.
-- **SdbEntries** Deprecated in RS3. An array of fields indicating the SDB entries that apply to this file.
### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockRemove
@@ -348,7 +347,6 @@ This event sends compatibility database information about non-blocking compatibi
The following fields are available:
- **AppraiserVersion** The version of the appraiser file generating the events.
-- **SdbEntries** Deprecated in RS3. An array of fields indicating the SDB entries that apply to this file.
### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove
@@ -376,7 +374,6 @@ This event sends compatibility database information about entries requiring rein
The following fields are available:
- **AppraiserVersion** The version of the appraiser file generating the events.
-- **SdbEntries** Deprecated in RS3. An array of fields indicating the SDB entries that apply to this file.
### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeRemove
@@ -397,21 +394,6 @@ The following fields are available:
- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd
-
-Deprecated in RS3. This event sends compatibility information about a file to help keep Windows up-to-date.
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the appraiser file that is generating the events.
-- **AvDisplayName** If it is an anti-virus app, this is its display name.
-- **CompatModelIndex** The compatibility prediction for this file.
-- **HasCitData** Is the file present in CIT data?
-- **HasUpgradeExe** Does the anti-virus app have an upgrade.exe file?
-- **IsAv** Is the file an anti-virus reporting EXE?
-- **ResolveAttempted** This will always be an empty string when sending telemetry.
-- **SdbEntries** An array of fields that indicates the SDB entries that apply to this file.
-
### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove
@@ -471,7 +453,6 @@ This event sends compatibility database data about driver packages to help keep
The following fields are available:
- **AppraiserVersion** The version of the appraiser file generating the events.
-- **SdbEntries** Deprecated in RS3. An array of fields indicating the SDB entries that apply to this driver package.
### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageRemove
@@ -1799,7 +1780,7 @@ Fired by UTC as a heartbeat signal.
The following fields are available:
- **AgentConnectionErrorsCount** Number of non-timeout errors associated with the host/agent channel.
-- **CensusExitCode** Last exit code of�Census task.
+- **CensusExitCode** Last exit code of Census task.
- **CensusStartTime** Time of last Census run.
- **CensusTaskEnabled** True if Census is enabled, false otherwise.
- **CompressedBytesUploaded** Number of compressed bytes uploaded.
@@ -1826,14 +1807,14 @@ The following fields are available:
- **LastAgentConnectionError** Last non-timeout error encountered in the host/agent channel.
- **LastEventSizeOffender** Event name of last event which exceeded max event size.
- **LastInvalidHttpCode** Last invalid HTTP code received from Vortex.
-- **MaxActiveAgentConnectionCount** Maximum number of active agents during this�heartbeat timeframe.
+- **MaxActiveAgentConnectionCount** Maximum number of active agents during this heartbeat timeframe.
- **MaxInUseScenarioCounter** Soft maximum number of scenarios loaded by UTC.
- **PreviousHeartBeatTime** Time of last heartbeat event (allows chaining of events).
- **SettingsHttpAttempts** Number of attempts to contact OneSettings service.
-- **SettingsHttpFailures** Number of failures from contacting�OneSettings service.
+- **SettingsHttpFailures** Number of failures from contacting OneSettings service.
- **ThrottledDroppedCount** Number of events dropped due to throttling of noisy providers.
- **UploaderDroppedCount** Number of events dropped at the uploader layer of telemetry client.
-- **VortexFailuresTimeout** Number of time out failures�received from Vortex.
+- **VortexFailuresTimeout** Number of time out failures received from Vortex.
- **VortexHttpAttempts** Number of attempts to contact Vortex.
- **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex.
- **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex.
@@ -2429,10 +2410,6 @@ The following fields are available:
- **CV** Correlation vector
-## DxgKernelTelemetry events
-
-## Fault Reporting events
-
## Feature update events
### Microsoft.Windows.Upgrade.Uninstall.UninstallFailed
@@ -2456,9 +2433,6 @@ Indicates that the uninstall was properly configured and that a system reboot wa
This event sends basic metadata about the starting point of uninstalling a feature update which helps us ensure customers can safely revert to a well-known state if the update caused any problems.
-
-## Hang Reporting events
-
## Inventory events
### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum
@@ -2854,7 +2828,7 @@ The following fields are available:
- **OIeNoAxInstall** Flag indicating which Microsoft Office products have this setting enabled. When a webpage attempts to load or install an ActiveX control that isn't already installed, the FEATURE_RESTRICT_ACTIVEXINSTALL feature blocks the request. When a webpage tries to load or install an ActiveX control that isn't already installed, the FEATURE_RESTRICT_ACTIVEXINSTALL feature blocks the request
- **OIeNoDownload** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_RESTRICT_FILEDOWNLOAD feature blocks file download requests that navigate to a resource, that display a file download dialog box, or that are not initiated explicitly by a user action (for example, a mouse click or key press). Only applies to Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2)
- **OIeObjectCaching** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_OBJECT_CACHING feature prevents webpages from accessing or instantiating ActiveX controls cached from different domains or security contexts
-- **OIePasswordDisable** Flag indicating which Microsoft Office products have this setting enabled. After Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2), Internet Explorer no longer allows usernames and passwords to be specified in URLs that use the HTTP or HTTP protocols. URLs using other protocols, such as FTP, still allow usernames and passwords
+- **OIePasswordDisable** Flag indicating which Microsoft Office products have this setting enabled. After Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2), Internet Explorer no longer allows usernames and passwords to be specified in URLs that use the HTTP or HTTPS protocols. URLs using other protocols, such as FTP, still allow usernames and passwords
- **OIeSafeBind** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_SAFE_BINDTOOBJECT feature performs additional safety checks when calling MonikerBindToObject to create and initialize Microsoft ActiveX controls. Specifically, prevent the control from being created if COMPAT_EVIL_DONT_LOAD is in the registry for the control
- **OIeSecurityBand** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_SECURITYBAND feature controls the display of the Internet Explorer Information bar. When enabled, the Information bar appears when file download or code installation is restricted
- **OIeUncSaveCheck** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_UNC_SAVEDFILECHECK feature enables the Mark of the Web (MOTW) for local files loaded from network locations that have been shared by using the Universal Naming Convention (UNC)
@@ -3447,8 +3421,6 @@ The following fields are available:
- **PFamN** The name of the product that is requested for update.
-## OneDrive events
-
## Privacy consent logging events
### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
@@ -3984,7 +3956,7 @@ This event collects information when express could not be used and we fall back
The following fields are available:
-- **FlightId** The error code returned for the current install phase.
+- **FlightId** Unique ID for each flight.
- **ObjectId** Unique value for each Update Agent mode.
- **PackageCount** Number of packages that feel back to canonical.
- **PackageList** PackageIds which fell back to canonical.
@@ -4006,7 +3978,7 @@ The following fields are available:
- **ObjectId** Unique value for each Update Agent mode.
- **RelatedCV** Correlation vector value generated from the latest USO scan.
- **Result** Outcome of the install phase of the update.
-- **ScenarioId** Unique value for each update attempt.
+- **ScenarioId** Indicates the update scenario.
- **SessionData** String containing instructions to update agent for processing FODs and DUICs (Null for other scenarios).
- **SessionId** Unique value for each update attempt.
- **UpdateId** Unique ID for each update.
@@ -4072,7 +4044,7 @@ The following fields are available:
- **PostRebootResult** Indicates the Hresult
- **RelatedCV** Correlation vector value generated from the latest USO scan
- **ScenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
-- **SessionId** Unique value for each Update Agent mode attempt
+- **SessionId** Unique value for each update attempt.
- **UpdateId** Unique ID for each update
@@ -4574,33 +4546,33 @@ The following fields are available:
- **background** If the download is happening in the background
- **bytesRequested** Number of bytes requested for download.
-- **cdnUrl** Number of bytes requested for download
-- **costFlags** Url of the source CDN
-- **deviceProfile** Network cost flags
-- **diceRoll** Identifies the usage or form factor (Desktop, Xbox, VM, etc)
-- **doClientVersion** Random number used for determining if a client will use peering
-- **doErrorCode** Version of the Delivery Optimization client
-- **downloadMode** Delivery Optimization error code returned
-- **downloadModeSrc** DownloadMode used (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100)
-- **errorCode** Source of the DownloadMode setting (KvsProvider: 0, GeoProvider: 1, GeoVerProvider: 2, CpProvider: 3, DiscoveryProvider: 4, RegistryProvider: 5, GroupPolicyProvider: 6, MdmProvider: 7, SettingsProvider: 8, InvalidProviderType: 9)
-- **experimentId** Error code returned
-- **fileID** Used to correlate client/services calls that are part of the same test during A/B testing
-- **filePath** ID of the File being downloaded
-- **fileSize** Path to where the downloaded file will be written
-- **fileSizeCaller** Total filesize of the file that was downloaded
-- **groupID** Value for total file size provided by our caller
-- **isVpn** ID for the group
-- **jobID** If the machine is connected to a Virtual Private Network
-- **peerID** Minimum filesize policy set for the device to allow Peering with Delivery Optimization
+- **cdnUrl** Url of the source CDN
+- **costFlags** Network cost flags
+- **deviceProfile** Identifies the usage or form factor (Desktop, Xbox, VM, etc)
+- **diceRoll** Random number used for determining if a client will use peering
+- **doClientVersion** Version of the Delivery Optimization client
+- **doErrorCode** Delivery Optimization error code returned
+- **downloadMode** DownloadMode used (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100)
+- **downloadModeSrc** Source of the DownloadMode setting (KvsProvider: 0, GeoProvider: 1, GeoVerProvider: 2, CpProvider: 3, DiscoveryProvider: 4, RegistryProvider: 5, GroupPolicyProvider: 6, MdmProvider: 7, SettingsProvider: 8, InvalidProviderType: 9)
+- **errorCode** Error code returned
+- **experimentId** Used to correlate client/services calls that are part of the same test during A/B testing
+- **fileID** ID of the File being downloaded
+- **filePath** Path to where the downloaded file will be written
+- **fileSize** Total filesize of the file that was downloaded
+- **fileSizeCaller** Value for total file size provided by our caller
+- **groupID** ID for the group
+- **isVpn** If the machine is connected to a Virtual Private Network
+- **jobID** Identifier for the Windows Update Job
+- **peerID** ID for this Delivery Optimization client
- **predefinedCallerName** Name of the API caller
-- **sessionID** Name of the API Caller
-- **setConfigs** ID of the Update being downloaded
+- **sessionID** ID for the file download session
+- **setConfigs** ID of the update being downloaded
- **updateID** ID for the file download session
-- **usedMemoryStream** ID of the Update being downloaded
+- **usedMemoryStream** If the download is using memory streaming in App downloads
- **callerName** Name of the API Caller
-- **minDiskSizeGB** Identifier for the Windows Update Job
-- **minDiskSizePolicyEnforced** The minimum disk size policy set for the device to allow Peering with Delivery Optimization
-- **minFileSizePolicy** If there is an enforced mininum disk size requirement for peering
+- **minDiskSizeGB** The minimum disk size policy set for the device to allow Peering with Delivery Optimization
+- **minDiskSizePolicyEnforced** If there is an enforced mininum disk size requirement for peering
+- **minFileSizePolicy** The minimum file size policy set for the device to allow Peering with Delivery Optimization
- **scenarioID** ID for the Scenario
- **isEncrypted** Whether the download is encrypted
diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md
index 58031d3ffe..322fa570ca 100644
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@@ -20,7 +20,7 @@
## [Deploy Windows 10](deploy.md)
### [Overview of Windows Autopilot](windows-autopilot/windows-10-autopilot.md)
-
+### [Windows 10 in S mode](windows-10-pro-in-s-mode.md)
### [Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
#### [Windows 10 downgrade paths](upgrade/windows-10-downgrade-paths.md)
### [Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md)
diff --git a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
index 4a743e6537..109cac5cd1 100644
--- a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
-author: mtniehaus
+author: greg-lindsay
ms.date: 07/27/2017
---
diff --git a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
index a32404e3da..6964296b3e 100644
--- a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
+++ b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
-author: mtniehaus
+author: greg-lindsay
ms.date: 07/27/2017
---
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
index 25636437d5..10bb6542cb 100644
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
-author: mtniehaus
+author: greg-lindsay
ms.date: 07/27/2017
---
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
index 1d3d9e51d3..90b5fad367 100644
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
-author: mtniehaus
+author: greg-lindsay
ms.date: 07/27/2017
---
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
index 3e966ca9c1..4d47f143d0 100644
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
-author: mtniehaus
+author: greg-lindsay
ms.date: 07/27/2017
---
diff --git a/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md
index 522071bd52..b294903341 100644
--- a/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.pagetype: mdt
ms.sitesec: library
-author: mtniehaus
+author: greg-lindsay
ms.date: 07/27/2017
---
diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
index d3ae97f74b..b891078029 100644
--- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
-author: mtniehaus
+author: greg-lindsay
ms.date: 10/16/2017
---
diff --git a/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md
index 5a03190d0c..18a7a65f5d 100644
--- a/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md
@@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
-author: mtniehaus
+author: greg-lindsay
ms.pagetype: mdt
ms.date: 10/16/2017
---
diff --git a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md
index ecaf35658c..791f935c4b 100644
--- a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
-author: mtniehaus
+author: greg-lindsay
ms.date: 07/27/2017
---
diff --git a/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md b/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md
index 06d29a04b6..abb9d3edc6 100644
--- a/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.localizationpriority: high
ms.mktglfcycl: deploy
ms.sitesec: library
-author: mtniehaus
+author: greg-lindsay
ms.date: 07/27/2017
---
diff --git a/windows/deployment/deploy-windows-mdt/key-features-in-mdt.md b/windows/deployment/deploy-windows-mdt/key-features-in-mdt.md
index 9e5135e314..3816398b2b 100644
--- a/windows/deployment/deploy-windows-mdt/key-features-in-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/key-features-in-mdt.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
-author: mtniehaus
+author: greg-lindsay
ms.date: 07/27/2017
---
diff --git a/windows/deployment/deploy-windows-mdt/mdt-lite-touch-components.md b/windows/deployment/deploy-windows-mdt/mdt-lite-touch-components.md
index 6222b6f030..fef428f16b 100644
--- a/windows/deployment/deploy-windows-mdt/mdt-lite-touch-components.md
+++ b/windows/deployment/deploy-windows-mdt/mdt-lite-touch-components.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
-author: mtniehaus
+author: greg-lindsay
ms.date: 07/27/2017
---
diff --git a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
index 8b683b7980..ff2d947f72 100644
--- a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
-author: mtniehaus
+author: greg-lindsay
ms.date: 07/27/2017
---
diff --git a/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
index cf0457a3f4..8a73785363 100644
--- a/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
+++ b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
-author: mtniehaus
+author: greg-lindsay
ms.date: 07/27/2017
---
diff --git a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
index 974dd2dd1a..5da55b728d 100644
--- a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
+++ b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
-author: mtniehaus
+author: greg-lindsay
ms.date: 07/27/2017
---
diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
index 889d6c2585..f408b1da85 100644
--- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
+++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
-author: mtniehaus
+author: greg-lindsay
ms.date: 07/27/2017
---
diff --git a/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
index 7729c54618..51ebf8238f 100644
--- a/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
+++ b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
-author: mtniehaus
+author: greg-lindsay
ms.date: 07/27/2017
---
diff --git a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
index a0a50f8ebc..b4c4344d38 100644
--- a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
-author: mtniehaus
+author: greg-lindsay
ms.date: 07/27/2017
---
@@ -169,7 +169,6 @@ Figure 32. The ready-made task sequence.
[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-
[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
[Use web services in MDT](use-web-services-in-mdt.md)
diff --git a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
index 00b6ccc992..6aa8409a7e 100644
--- a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
+++ b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
-author: mtniehaus
+author: greg-lindsay
ms.date: 07/27/2017
---
diff --git a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
index 2e184f00e8..9354edd5b4 100644
--- a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.pagetype: mdt
ms.sitesec: library
-author: mtniehaus
+author: greg-lindsay
ms.date: 07/27/2017
---
diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md
index f46f0eb146..453db50ca3 100644
--- a/windows/deployment/upgrade/windows-10-edition-upgrades.md
+++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md
@@ -8,7 +8,7 @@ ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: mobile
author: greg-lindsay
-ms.date: 02/9/2018
+ms.date: 04/30/2018
---
# Windows 10 edition upgrade
@@ -46,11 +46,11 @@ X = unsupported
| **Home > Pro for Workstations** |  |  |  |  |  |  |
| **Home > Pro Education** |  |  |  |  |  |  |
| **Home > Education** |  |  |  |  |  |  |
-| **S > Pro** | 
(1709) | 
(1709) |  |  | 
(1709) | 
(1709) |
+
| **Pro > Pro for Workstations** |  |  |  | 
(MSfB) |  |  |
| **Pro > Pro Education** |  |  |  | 
(MSfB) |  |  |
| **Pro > Education** |  |  |  | 
(MSfB) |  |  |
@@ -65,9 +65,10 @@ X = unsupported
| **Mobile > Mobile Enterprise** |  | |  |  |  |  |
> [!NOTE]
-> Each desktop edition in the table also has an N and KN SKU. These editions have had media-related functionality removed. Devices with N or KN SKUs installed can be upgraded to corresponding N or KN SKUs using the same methods.
+> - For information about upgrade paths in Windows 10 in S mode (for Pro or Education), check out [Windows 10 Pro/Enterprise in S mode](../windows-10-pro-in-s-mode.md)
+> - Each desktop edition in the table also has an N and KN SKU. These editions have had media-related functionality removed. Devices with N or KN SKUs installed can be upgraded to corresponding N or KN SKUs using the same methods.
>
->
Due to [naming changes](https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview#naming-changes) the term LTSB might still be displayed in some products. This name will change to LTSC with subsequent feature updates.
+> - Due to [naming changes](https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview#naming-changes) the term LTSB might still be displayed in some products. This name will change to LTSC with subsequent feature updates.
## Upgrade using mobile device management (MDM)
- To upgrade desktop editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithProductKey** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](https://go.microsoft.com/fwlink/p/?LinkID=690907).
diff --git a/windows/deployment/windows-10-enterprise-subscription-activation.md b/windows/deployment/windows-10-enterprise-subscription-activation.md
index de3ae148a3..e455be3daf 100644
--- a/windows/deployment/windows-10-enterprise-subscription-activation.md
+++ b/windows/deployment/windows-10-enterprise-subscription-activation.md
@@ -23,6 +23,7 @@ With Windows 10 version 1703 (also known as the Creator’s Update), both Window
Organizations that have an Enterprise agreement can also benefit from the new service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Azure AD using [Azure AD Connect Sync](https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-whatis).
See the following topics in this article:
+- [Inherited Activation](#inherited-activation): Description of a new feature available in Windows 10, version 1803 and later.
- [The evolution of Windows 10 deployment](#the-evolution-of-deployment): A short history of Windows deployment.
- [Requirements](#requirements): Prerequisites to use the Windows 10 Enterprise subscription model.
- [Benefits](#benefits): Advantages of Windows 10 Enterprise + subscription-based licensing.
@@ -31,6 +32,14 @@ See the following topics in this article:
For information on how to deploy Windows 10 Enterprise licenses, see [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md).
+## Inherited Activation
+
+Inherited Activation is a new feature available in Windows 10, version 1803 that allows Windows 10 virtual machines to inherit activation state from their Windows 10 host.
+
+When a user with Windows 10 E3 or E5 license assigned creates a new Windows 10 virtual machine (VM) using a Windows 10 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (AAD) account on a VM.
+
+To support Inherited Activation, both the host computer and the VM must be running Windows 10, version 1803 or later.
+
## The evolution of deployment
>The original version of this section can be found at [Changing between Windows SKUs](https://blogs.technet.microsoft.com/mniehaus/2017/10/09/changing-between-windows-skus/).
diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md
index 4ac1cc5a28..108816df6c 100644
--- a/windows/deployment/windows-10-poc.md
+++ b/windows/deployment/windows-10-poc.md
@@ -730,7 +730,7 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to
Ignore any warnings that are displayed. The computer will automatically reboot upon completion.
-9. When the reboot has completed, reconnect to DC1, sign in using the CONTOSO\Administrator account, open an elevated Windows PowerShell prompt, and use the following commands to add a reverse lookup zone for the PoC network, add the DHCP Server role, authorize DHCP in Active Directory, and supress the post-DHCP-install alert:
+9. When the reboot has completed, reconnect to DC1, sign in using the CONTOSO\Administrator account, open an elevated Windows PowerShell prompt, and use the following commands to add a reverse lookup zone for the PoC network, add the DHCP Server role, authorize DHCP in Active Directory, and suppress the post-DHCP-install alert:
Add-DnsServerPrimaryZone -NetworkID "192.168.0.0/24" -ReplicationScope Forest
diff --git a/windows/hub/TOC.md b/windows/hub/TOC.md
index 43202e6dde..cb339d35c0 100644
--- a/windows/hub/TOC.md
+++ b/windows/hub/TOC.md
@@ -1,5 +1,5 @@
# [Windows 10 and Windows 10 Mobile](index.md)
-## [Get started](/windows/whats-new/get-started-with-1709)
+## [Get started](/windows/whats-new/whats-new-windows-10-version-1803)
## [What's new](/windows/whats-new)
## [Deployment](/windows/deployment)
## [Configuration](/windows/configuration)
diff --git a/windows/hub/index.md b/windows/hub/index.md
index 40d4c2db5e..7e81581590 100644
--- a/windows/hub/index.md
+++ b/windows/hub/index.md
@@ -8,7 +8,7 @@ author: greg-lindsay
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.date: 03/28/2018
+ms.date: 04/30/2018
---
# Windows 10 and Windows 10 Mobile
@@ -18,9 +18,9 @@ Find the latest how to and support content that IT pros need to evaluate, plan,
-> [!video https://www.microsoft.com/en-us/videoplayer/embed/43942201-bec9-4f8b-8ba7-2d9bfafa8bba?autoplay=false]
-
+> [!video https://www.youtube.com/embed/LFiP73slWew?autoplay=false]
+## Check out [what's new in Windows 10, version 1803](../whats-new/whats-new-windows-10-version-1803).
diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
index 5f5563cbb6..872058c8f7 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
@@ -12,14 +12,15 @@ ms.date: 10/19/2017
# Configure Windows Defender Application Guard policy settings
-**Applies to:**
-- Windows 10 Enterpise edition, version 1709
-
Windows Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a GPO, which is linked to a domain, and then apply all those settings to every computer in the domain.
Application Guard uses both network isolation and application-specific settings.
### Network isolation settings
+
+**Applies to:**
+- Windows 10 Enterpise edition, version 1709 or higher
+
These settings, located at **Computer Configuration\Administrative Templates\Network\Network Isolation**, help you define and manage your company's network boundaries. Application Guard uses this information to automatically transfer any requests to access the non-corporate resources into the Application Guard container.
>[!NOTE]
@@ -37,10 +38,10 @@ These settings, located at **Computer Configuration\Administrative Templates\Win
|Name|Supported versions|Description|Options|
|-----------|------------------|-----------|-------|
-|Configure Windows Defender Application Guard clipboard settings|At least Windows 10 Enterprise|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:- Disable the clipboard functionality completely when Virtualization Security is enabled.
- Enable copying of certain content from Application Guard into Microsoft Edge.
- Enable copying of certain content from Microsoft Edge into Application Guard.
**Important**
Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.
**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.|
-|Configure Windows Defender Application Guard print settings|At least Windows 10 Enterprise|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:- Enable Application Guard to print into the XPS format.
- Enable Application Guard to print into the PDF format.
- Enable Application Guard to print to locally attached printers.
- Enable Application Guard to print from previously connected network printers. Employees can't search for additional printers.
**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.|
-|Block enterprise websites to load non-enterprise content in IE and Edge|At least Windows 10 Enterprise|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container.**Note** This may also block assets cached by CDNs and references to analytics sites. Please add them to the trusted enterprise resources to avoid broken pages.
**Disabled or not configured.** Allows Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. |
-|Allow Persistence|At least Windows 10 Enterprise|Determines whether data persists across different sessions in Windows Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.
**Disabled or not configured.** All user data within Application Guard is reset between sessions.
**Note**
If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.
**To reset the container:**- Open a command-line program and navigate to Windows/System32.
- Type `wdagtool.exe cleanup`.
The container environment is reset, retaining only the employee-generated data. - Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`.
The container environment is reset, including discarding all employee-generated data.
|
-|Turn on Windows Defender Application Guard in Enterprise Mode|At least Windows 10 Enterprise|Determines whether to turn on Application Guard for Microsoft Edge.|**Enabled.** Turns on Application Guard for Microsoft Edge, honoring the network isolation settings, rendering non-enterprise domains in the Application Guard container. Be aware that Application Guard won't actually be turned On unless the required prerequisites and network isolation settings are already set on the device.
**Disabled.** Turns Off Application Guard, allowing all apps to run in Microsoft Edge.|
-
-
+|Configure Windows Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher
Windows 10 Professional, 1803|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:- Disable the clipboard functionality completely when Virtualization Security is enabled.
- Enable copying of certain content from Application Guard into Microsoft Edge.
- Enable copying of certain content from Microsoft Edge into Application Guard.
**Important**
Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.
**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.|
+|Configure Windows Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher
Windows 10 Professional, 1803|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:- Enable Application Guard to print into the XPS format.
- Enable Application Guard to print into the PDF format.
- Enable Application Guard to print to locally attached printers.
- Enable Application Guard to print from previously connected network printers. Employees can't search for additional printers.
**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.|
+|Block enterprise websites to load non-enterprise content in IE and Edge|Windows 10 Enterprise, 1709 or higher
Windows 10 Professional, 1803|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container.**Note** This may also block assets cached by CDNs and references to analytics sites. Please add them to the trusted enterprise resources to avoid broken pages.
**Disabled or not configured.** Allows Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. |
+|Allow Persistence|Windows 10 Enterprise, 1709 or higher
Windows 10 Professional, 1803|Determines whether data persists across different sessions in Windows Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.
**Disabled or not configured.** All user data within Application Guard is reset between sessions.
**Note**
If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.
**To reset the container:**- Open a command-line program and navigate to Windows/System32.
- Type `wdagtool.exe cleanup`.
The container environment is reset, retaining only the employee-generated data. - Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`.
The container environment is reset, including discarding all employee-generated data.
|
+|Turn on Windows Defender Application Guard in Enterprise Mode|Windows 10 Enterprise, 1709 or higher|Determines whether to turn on Application Guard for Microsoft Edge.|**Enabled.** Turns on Application Guard for Microsoft Edge, honoring the network isolation settings, rendering non-enterprise domains in the Application Guard container. Be aware that Application Guard won't actually be turned On unless the required prerequisites and network isolation settings are already set on the device.
**Disabled.** Turns Off Application Guard, allowing all apps to run in Microsoft Edge.|
+|Allow files to download to host operating system|Windows 10 Enterprise, 1803|Determines whether to save downloaded files to the host operating system from the Windows Defender Application Guard container.|**Enabled.** Allows users to save downloaded files from the Windows Defender Application Guard container to the host operating system.
**Disabled or not configured.** Users are not able to saved downloaded files from Application Guard to the host operating system.|
+|Allow hardware-accelerated rendering for Windows Defender Application Guard|Windows 10 Enterprise, version 1803
(experimental only)|Determines whether Windows Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** Windows Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Windows Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Windows Defender Application Guard will automatically revert to software-based (CPU) rendering.
**Important**
Be aware that enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.
**Disabled or not configured.** Windows Defender Application Guard uses software-based (CPU) rendering and won’t load any third-party graphics drivers or interact with any connected graphics hardware.|
diff --git a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
index 387b02dde9..d970e7206f 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
@@ -50,3 +50,10 @@ Answering frequently asked questions about Windows Defender Application Guard (A
|---|----------------------------|
|**Q:** |Why aren’t employees able to see their Extensions in the Application Guard Edge session?|
|**A:** |Currently, the Application Guard Edge session doesn't support Extensions. However, we're closely monitoring your feedback about this.|
+
+
+| | |
+|---|----------------------------|
+|**Q:** |How do I configure WDAG to work with my network proxy (IP-Literal Addresses)?|
+|**A:** |WDAG requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as “192.168.1.4:81” can be annotated as “itproxy:81” or using a record such as “P19216810010” for a proxy with an IP address of 192.168.100.10. This applies to WDAG in RS3 (1709) and RS4 (1803).|
+
diff --git a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md
index c6bf82932c..1d9426c339 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md
@@ -10,17 +10,23 @@ ms.author: lizross
ms.date: 10/19/2017
---
-# Prepare and install Windows Defender Application Guard
-
-**Applies to:**
-- Windows 10 Enterprise edition, version 1709
-
## Prepare to install Windows Defender Application Guard
Before you can install and use Windows Defender Application Guard, you must determine which way you intend to use it in your enterprise. You can use Application Guard in either **Standalone** or **Enterprise-managed** mode.
-- **Standalone mode.** Employees can use hardware-isolated browsing sessions without any administrator or management policy configuration. In this mode, you must install Application Guard and then the employee must manually start Microsoft Edge in Application Guard while browsing untrusted sites. For an example of how this works, see the [Application Guard in standalone mode](test-scenarios-wd-app-guard.md) testing scenario.
+**Standalone mode**
-- **Enterprise-managed mode.** You and your security department can define your corporate boundaries by explicitly adding trusted domains and by customizing the Application Guard experience to meet and enforce your needs on employee devices. Enterprise-managed mode also automatically redirects any browser requests to load non-enterprise domain(s) in the container.
+Applies to:
+- Windows 10 Enterprise edition, version 1709 or higher
+- Windows 10 Professional edition, version 1803
+
+Employees can use hardware-isolated browsing sessions without any administrator or management policy configuration. In this mode, you must install Application Guard and then the employee must manually start Microsoft Edge in Application Guard while browsing untrusted sites. For an example of how this works, see the [Application Guard in standalone mode](test-scenarios-wd-app-guard.md) testing scenario.
+
+**Enterprise-managed mode**
+
+Applies to:
+- Windows 10 Enterprise edition, version 1709 or higher
+
+You and your security department can define your corporate boundaries by explicitly adding trusted domains and by customizing the Application Guard experience to meet and enforce your needs on employee devices. Enterprise-managed mode also automatically redirects any browser requests tooad non-enterprise domain(s) in the container.
The following diagram shows the flow between the host PC and the isolated container.
diff --git a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
index 7b79f26762..30f2490010 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
@@ -13,7 +13,8 @@ ms.date: 11/09/2017
# System requirements for Windows Defender Application Guard
**Applies to:**
-- Windows 10 Enterprise edition, version 1709
+- Windows 10 Enterprise edition, version 1709 or higher
+- Windows 10 Professional edition, version 1803
The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Windows Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive.
@@ -36,6 +37,6 @@ Your environment needs the following software to run Windows Defender Applicatio
|Software|Description|
|--------|-----------|
-|Operating system|Windows 10 Enterprise edition, version 1709|
+|Operating system|Windows 10 Enterprise edition, version 1709 or higher
Windows 10 Professional edition, version 1803|
|Browser|Microsoft Edge and Internet Explorer|
-|Management system|[Microsoft Intune](https://docs.microsoft.com/en-us/intune/)
**-OR-**
[System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/)
**-OR-**
[Group Policy](https://technet.microsoft.com/en-us/library/cc753298(v=ws.11).aspx)
**-OR-**
Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product.|
+|Management system
(only for managed devices)|[Microsoft Intune](https://docs.microsoft.com/en-us/intune/)
**-OR-**
[System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/)
**-OR-**
[Group Policy](https://technet.microsoft.com/en-us/library/cc753298(v=ws.11).aspx)
**-OR-**
Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product.|
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
index 62c3b16138..d11e0dc92e 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
@@ -18,6 +18,7 @@ ms.date: 04/24/2018
- Windows Server 2012 R2
- Windows Server 2016
+- Windows Server, version 1803
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
[!include[Prerelease information](prerelease.md)]
@@ -29,6 +30,7 @@ Windows Defender ATP extends support to also include the Windows Server operatin
Windows Defender ATP supports the onboarding of the following servers:
- Windows Server 2012 R2
- Windows Server 2016
+- Windows Server, version 1803
## Onboard Windows Server 2012 R2 and Windows Server 2016
@@ -80,6 +82,35 @@ Once completed, you should see onboarded servers in the portal within an hour.
| winatp-gw-neu.microsoft.com | 443 |
| winatp-gw-weu.microsoft.com | 443 |
+## Onboard Windows Server 2012 R2 and Windows Server 2016
+
+You’ll be able to onboard in the same method available for Windows 10 client machines. For more information, see [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md). Support for Windows Server, version 1803 provides deeper insight into activities happening on the server, coverage for kernel and memory attack detection, and enables response actions on Windows Server endpoint as well.
+
+1. Install the latest Windows Server Insider build on a machine. For more information, see [Windows Server Insider Preview](https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver).
+
+2. Configure Windows Defender ATP onboarding settings on the server. For more information, see [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
+
+3. If you’re running a third party antimalware solution, you'll need to apply the following Windows Defender AV passive mode settings and verify it was configured correctly:
+
+ a. Set the following registry entry:
+ - Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`
+ - Name: ForceDefenderPassiveMode
+ - Value: 1
+
+ b. Run the following PowerShell command to verify that the passive mode was configured:
+
+ ```Get-WinEvent -FilterHashtable @{ProviderName="Microsoft-Windows-Sense" ;ID=84}```
+
+ c. Confirm that a recent event containing the passive mode event is found:
+
+ 
+
+4. Run the following command to check if Windows Defender AV is installed:
+
+ ```sc query Windefend```
+
+ If the result is ‘The specified service does not exist as an installed service’, then you'll need to install Windows Defender AV. For more information, see [Windows Defender Antivirus in Windows 10](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10).
+
## Offboard servers
You have two options to offboard servers from the service:
- Uninstall the MMA agent
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md
index da135efb65..472a8abc15 100644
--- a/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md
@@ -43,4 +43,4 @@ Set the baselines for calculating the score of Windows Defender security control
- [Update data retention settings for Windows Defender ATP](data-retention-settings-windows-defender-advanced-threat-protection.md)
- [Configure alert notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
- [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
-- [Configure advanced features in Windows Defender ATP](/advanced-features-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Configure advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
index af0f9887a7..63395308fe 100644
--- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
@@ -47,6 +47,7 @@ The following features are included in the preview release:
Windows Defender ATP supports the onboarding of the following servers:
- Windows Server 2012 R2
- Windows Server 2016
+ - Windows Server, version 1803
- [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
Windows Defender ATP supports the use of Power BI data connectors to enable you to connect and access Windows Defender ATP data using Microsoft Graph.
diff --git a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md
index c6c4102eb5..8fce3d5f13 100644
--- a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md
@@ -297,6 +297,9 @@ For more information, see [Windows Defender Firewall with Advanced Security](htt
### BitLocker optimization
For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for BitLocker is fulfilled.
+>[!IMPORTANT]
+>This security control is only applicable for machines with Windows 10, version 1803 or later.
+
#### Minimum baseline configuration setting for BitLocker
- Ensure all supported internal drives are encrypted
- Ensure that all suspended protection on drives resume protection
diff --git a/windows/whats-new/TOC.md b/windows/whats-new/TOC.md
index 11ef584f2a..22e6c40651 100644
--- a/windows/whats-new/TOC.md
+++ b/windows/whats-new/TOC.md
@@ -1,4 +1,5 @@
# [What's new in Windows 10](index.md)
+## [What's new in Windows 10, version 1803](whats-new-windows-10-version-1803.md)
## [What's new in Windows 10, version 1709](whats-new-windows-10-version-1709.md)
## [What's new in Windows 10, version 1703](whats-new-windows-10-version-1703.md)
## [What's new in Windows 10, version 1607](whats-new-windows-10-version-1607.md)
diff --git a/windows/whats-new/index.md b/windows/whats-new/index.md
index 63f5964ba8..e37e313557 100644
--- a/windows/whats-new/index.md
+++ b/windows/whats-new/index.md
@@ -5,7 +5,7 @@ ms.assetid: F1867017-76A1-4761-A200-7450B96AEF44
keywords: ["What's new in Windows 10", "Windows 10", "anniversary update", "contribute", "edit topic", "Creators Update", "Fall Creators Update"]
ms.prod: w10
author: TrudyHa
-ms.date: 10/16/2017
+ms.date: 04/30/2018
ms.localizationpriority: high
---
@@ -16,6 +16,7 @@ Windows 10 provides IT professionals with advanced protection against modern sec
## In this section
+- [What's new in Windows 10, version 1803](whats-new-windows-10-version-1803.md)
- [What's new in Windows 10, version 1709](whats-new-windows-10-version-1709.md)
- [What's new in Windows 10, version 1703](whats-new-windows-10-version-1703.md)
- [What's new in Windows 10, version 1607](whats-new-windows-10-version-1607.md)
diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md
new file mode 100644
index 0000000000..e246e4481c
--- /dev/null
+++ b/windows/whats-new/whats-new-windows-10-version-1803.md
@@ -0,0 +1,232 @@
+---
+title: What's new in Windows 10, version 1803
+description: New and updated IT Pro content about new features in Windows 10, version 1803 (also known as the Windows 10 April 2018 Update).
+keywords: ["What's new in Windows 10", "Windows 10", "April 2018 Update"]
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: greg-lindsay
+ms.date: 04/30/2018
+ms.localizationpriority: high
+---
+
+# What's new in Windows 10, version 1803 IT Pro content
+
+**Applies to**
+- Windows 10, version 1803
+
+This article lists new and updated features and content that are of interest to IT Pros for Windows 10 version 1803, also known as the Windows 10 April 2018 Update. This update also contains all features and fixes included in previous cumulative updates to Windows 10, version 1709. Also see [What's New in Windows](https://docs.microsoft.com/en-us/windows-hardware/get-started/what-s-new-in-windows) hardware.
+
+The following 3-minute video summarizes some of the new features that are available in this release.
+
+
+
+> [!video https://www.youtube.com/embed/LFiP73slWew?autoplay=false]
+
+
+## Deployment
+
+### Windows Autopilot
+
+[Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot) provides a modern device lifecycle management service powered by the cloud that delivers a zero touch experience for deploying Windows 10.
+
+Using Intune, Autopilot now enables locking the device during provisioning during the Windows Out Of Box Experience (OOBE) until policies and settings for the device get provisioned, thereby ensuring that by the time the user gets to the desktop, the device is secured and configured correctly.
+
+Windows Autopilot is now available with Surface, Lenovo, and Dell. Other OEM partners such as HP, Toshiba, Panasonic, and Fujitsu will support Autopilot in coming months. Check back here later for more information.
+
+### Windows 10 in S mode
+
+Windows 10 in S mode is now available on both Windows 10 Home and Pro PCs, and commercial customers will be able to deploy Windows 10 Enterprise in S mode - by starting with Windows 10 Pro in S mode and then activating Windows 10 Enterprise on the computer.
+
+Some additional information about Windows 10 in S mode:
+
+- Microsoft-verified. All of your applications are verified by Microsoft for security and performance.
+- Performance that lasts. Start-ups are quick, and S mode is built to keep them that way.
+- Choice and flexibility. Save your files to your favorite cloud, like OneDrive or DropBox, and access them from any device you choose. Browse the Microsoft Store for thousands of apps[]
+- S mode, on a range of modern devices. Enjoy all the great Windows multi-tasking features, like snapping Windows, task view and virtual desktops on a range of S mode enabled devices.
+
+If you want to switch out of S mode, you will be able to do so at no charge, regardless of edition. Once you switch out of S mode, you cannot switch back.
+
+For more information, see [Windows 10 Pro/Enterprise in S mode](https://docs.microsoft.com/windows/deployment/windows-10-pro-in-s-mode).
+
+### Windows 10 kiosk and Kiosk Browser
+
+With this release you can easily deploy and manage kiosk devices with Microsoft Intune in single and multiple app scenarios. This includes the new Kiosk Browser available from the Microsoft Store. Kiosk Browser is great for delivering a reliable and custom-tailored browsing experience for scenarios such as retail and signage. A summary of new features is below.
+
+- Using Intune, you can deploy the Kiosk Browser from the Microsoft Store, configure start URL, allowed URLs, and enable/disable navigation buttons.
+- Using Intune, you can deploy and configure shared devices and kiosks using assigned access to create a curated experience with the correct apps and configuration policies
+- Support for multiple screens for digital signage use cases.
+- The ability to ensure all MDM configurations are enforced on the device prior to entering assigned access using the Enrollment Status page.
+- The ability to configure and run Shell Launcher in addition to existing UWP Store apps.
+- A simplified process for creating and configuring an auto-logon kiosk account so that a public kiosk automatically enters a desired state after a reboot, a critical security requirement for public-facing use cases.
+- For multi-user Firstline Worker kiosk devices, instead of specifying every user, it’s now possible to assign different assigned access configurations to Azure AD groups or Active Directory groups.
+- To help with troubleshooting, you can now view error reports generated if an assigned access-configured app has issues.
+
+For more information, see:
+- [Making IT simpler with a modern workplace](https://www.microsoft.com/en-us/microsoft-365/blog/2018/04/27/making-it-simpler-with-a-modern-workplace/)
+- [Simplifying kiosk management for IT with Windows 10](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Simplifying-kiosk-management-for-IT-with-Windows-10/ba-p/187691)
+
+### Windows 10 Subscription Activation
+
+With this release, Subscription Activation supports Inherited Activation. Inherited Activation allows Windows 10 virtual machines to inherit activation state from their Windows 10 host.
+
+For more information, see [Windows 10 Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation#inherited-activation).
+
+### DISM
+
+The following new DISM commands have been added to manage feature updates:
+
+ DISM /Online /Initiate-OSUninstall
+ – Initiates a OS uninstall to take the computer back to the previous installation of windows.
+ DISM /Online /Remove-OSUninstall
+ – Removes the OS uninstall capability from the computer.
+ DISM /Online /Get-OSUninstallWindow
+ – Displays the number of days after upgrade during which uninstall can be performed.
+ DISM /Online /Set-OSUninstallWindow
+ – Sets the number of days after upgrade during which uninstall can be performed.
+
+For more information, see [DISM operating system uninstall command-line options](https://review.docs.microsoft.com/windows-hardware/manufacture/desktop/dism-uninstallos-command-line-options).
+
+### Windows Setup
+
+You can now run your own custom actions or scripts in parallel with Windows Setup. Setup will also migrate your scripts to next feature release, so you only need to add them once.
+
+Prerequisites:
+- Windows 10, version 1803 or later.
+- Windows 10 Enterprise or Pro
+
+For more information, see [Run custom actions during feature update](https://review.docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions).
+
+It is also now possible to run a script if the user rolls back their version of Windows using the PostRollback option.
+
+ /PostRollback [\setuprollback.cmd] [/postrollback {system / admin}]
+
+For more information, see [Windows Setup Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options#21)
+
+New command-line switches are also available to control BitLocker:
+
+ Setup.exe /BitLocker AlwaysSuspend
+ – Always suspend bitlocker during upgrade.
+ Setup.exe /BitLocker TryKeepActive
+ – Enable upgrade without suspending bitlocker but if upgrade, does not work then suspend bitlocker and complete the upgrade.
+ Setup.exe /BitLocker ForceKeepActive
+ – Enable upgrade without suspending bitlocker, but if upgrade does not work, fail the upgrade.
+
+For more information, see [Windows Setup Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options#33)
+
+### SetupDiag
+
+[SetupDiag](https://docs.microsoft.com/windows/deployment/upgrade/setupdiag) is a new command-line tool that can help diagnose why a Windows 10 update failed.
+
+SetupDiag works by searching Windows Setup log files. When searching log files, SetupDiag uses a set of rules to match known issues. In the current version of SetupDiag there are 26 rules contained in the rules.xml file, which is extracted when SetupDiag is run. The rules.xml file will be updated as new versions of SetupDiag are made available.
+
+### Windows Update for Business (WUfB)
+
+Windows Update for Business now provides greater control over updates, with the ability to pause and uninstall problematic updates using Intune. For more information, see [Manage software updates in Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure).
+
+### Feature update improvements
+
+Portions of the work done during the offline phases of a Windows update have been moved to the online phase. This has resulted in a significant reduction of offline time when installing updates. For more information, see [We're listening to you](https://insider.windows.com/en-us/articles/were-listening-to-you/).
+
+## Configuration
+
+### Co-management
+
+Intune and System Center Configuration Manager policies have been added to enable hyrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management.
+
+For more information, see [What's New in MDM enrollment and management](https://docs.microsoft.com/en-us/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1803)
+
+### OS uninstall period
+
+The OS uninstall period is a length of time that users are given when they can optionally roll back a Windows 10 update. With this release, administrators can use Intune or [DISM](#dism) to customize the length of the OS uninstall period.
+
+### Windows Hello for Business
+
+[Windows Hello](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-features) now supports FIDO 2.0 authentication for Azure AD Joined Windows 10 devices and has enhanced support for shared devices, as described in the [Kiosk configuration](#kiosk-configuration) section.
+
+- Windows Hello is now [password-less on S-mode](https://www.windowslatest.com/2018/02/12/microsoft-make-windows-10-password-less-platform/).
+- Support for S/MIME with Windows Hello for Business and APIs for non-Microsoft identity lifecycle management solutions.
+- Windows Hello is part of the account protection pillar in Windows Defender Security Center. Account Protection will encourage password users to set up Windows Hello Face, Fingerprint or PIN for faster sign in, and will notify Dynamic lock users if Dynamic lock has stopped working because their phone or device Bluetooth is off.
+- You can set up Windows Hello from lock screen for MSA accounts. We’ve made it easier for Microsoft account users to set up Windows Hello on their devices for faster and more secure sign-in. Previously, you had to navigate deep into Settings to find Windows Hello. Now, you can set up Windows Hello Face, Fingerprint or PIN straight from your lock screen by clicking the Windows Hello tile under Sign-in options.
+- New [public API](https://docs.microsoft.com/en-us/uwp/api/windows.security.authentication.web.core.webauthenticationcoremanager.findallaccountsasync#Windows_Security_Authentication_Web_Core_WebAuthenticationCoreManager_FindAllAccountsAsync_Windows_Security_Credentials_WebAccountProvider_) for secondary account SSO for a particular identity provider.
+- Is is easier to set up Dynamic lock, and WD SC actionable alerts have been added when Dynamic lock stops working (ex: phone Bluetooth is off).
+
+For more information, see: [Windows Hello and FIDO2 Security Keys enable secure and easy authentication for shared devices](https://blogs.windows.com/business/2018/04/17/windows-hello-fido2-security-keys/#OdKBg3pwJQcEKCbJ.97)
+
+## Accessibility and Privacy
+
+### Accessibility
+
+"Out of box" accessibility is enhanced with auto-generated picture descriptions. For more information about accessibility, see [Accessibility information for IT Professionals](https://docs.microsoft.com/windows/configuration/windows-10-accessibility-for-itpros).
+
+### Privacy
+
+In the Feedback and Settings page under Privacy Settings you can now delete the diagnostic data your device has sent to Microsoft. You can also view this diagnostic data using the [Diagnostic Data Viewer](https://docs.microsoft.com/windows/configuration/diagnostic-data-viewer-overview) app.
+
+## Security
+
+### Security Baselines
+
+A draft of the new [security baseline for Windows 10 version 1803](https://blogs.technet.microsoft.com/secguide/2018/03/27/security-baseline-for-windows-10-v1803-redstone-4-draft/) has been published.
+
+### Windows Defender Antivirus
+
+Windows Defender Antivirus now shares detection status between M365 services and interoperates with Windows Defender ATP. Additional policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus).
+
+### Windows Defender Exploit Guard
+
+Windows Defender Exploit Guard enhanced attack surface area reduction, extended support to Microsoft Office applications, and now supports Windows Server. [Virtualization-based Security](https://techcommunity.microsoft.com/t5/Windows-Insider-Program/Windows-Defender-System-Guard-Making-a-leap-forward-in-platform/m-p/167303) (VBS) and Hypervisor-protected code integrity (HVCI) can now be enabled across the Windows 10 ecosystem. These Exploit Guard features can now be enabled through the Windows Defender Security Center.
+
+For more information, see [Reduce attack surfaces with Windows Defender Exploit Guard](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
+
+### Windows Defender ATP
+
+[Windows Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) has been enhanced with many new capabilities. For more information, see the following topics:
+
+- [Query data using Advanced hunting in Windows Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection)
+- [Use Automated investigations to investigate and remediate threats](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection)
+- [Enable conditional access to better protect users, devices, and data](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection)
+
+Also see [New capabilities of Windows Defender ATP further maximizing the effectiveness and robustness of endpoint security](https://blogs.windows.com/business/2018/04/17/new-capabilities-of-windows-defender-atp-further-maximizing-the-effectiveness-and-robustness-of-endpoint-security/#62FUJ3LuMXLQidVE.97)
+
+### Windows Defender Application Guard
+
+Windows Defender Application Guard has added support for Edge. For more information, see [System requirements for Windows Defender Application Guard](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard#software-requirements)
+
+### Windows Defender Device Guard
+
+Configurable code integrity is being rebranded as Windows Defender Application Control. This is to help distinguish it as a standalone feature to control execution of applications. For more information about Device Guard, see Windows [Defender Device Guard deployment guide](https://docs.microsoft.com/en-us/windows/device-security/device-guard/device-guard-deployment-guide).
+
+### Windows Information Protection
+
+This release enables support for WIP with Files on Demand, allows file encryption while the file is open in another app, and improves performance. For more information, see [OneDrive Files On-Demand For The Enterprise](https://techcommunity.microsoft.com/t5/OneDrive-Blog/OneDrive-Files-On-Demand-For-The-Enterprise/ba-p/117234).
+
+### Office 365 Ransomware Detection
+
+For Office 365 Home and Office 365 Personal subscribers, Ransomware Detection notifies you when your OneDrive files have been attacked and guides you through the process of restoring your files. For more information, see [Ransomware detection and recovering your files](https://support.office.com/en-us/article/ransomware-detection-and-recovering-your-files-0d90ec50-6bfd-40f4-acc7-b8c12c73637f?ui=en-US&rs=en-US&ad=US)
+
+## Windows Analytics
+
+### Upgrade Readiness
+
+Upgrade Readiness has added the ability to assess Spectre and Meltdown protections on your devices. This addition allows you to see if your devices have Windows OS and firmware updates with Spectre and Meltdown mitigations installed, as well as whether your antivirus client is compatible with these updates. For more information, see [Upgrade Readiness now helps assess Spectre and Meltdown protections](https://blogs.technet.microsoft.com/upgradeanalytics/2018/02/13/upgrade-readiness-now-helps-assess-spectre-and-meltdown-protections/)
+
+### Update Compliance
+
+Update Compliance has added Delivery Optimization to assess the bandwidth consumption of Windows Updates. For more information, see [Delivery Optimization in Update Compliance](https://docs.microsoft.com/en-us/windows/deployment/update/update-compliance-delivery-optimization)
+
+### Device Health
+
+Device Health’s new App Reliability reports enable you to see where app updates or configuration changes may be needed to reduce crashes. The Login Health reports reveal adoption, success rates, and errors for Windows Hello and for passwords— for a smooth migration to the password-less future. For more information, see [Using Device Health](https://docs.microsoft.com/en-us/windows/deployment/update/device-health-using)
+
+## Microsoft Edge
+
+iOS and Android versions of Edge are now available. Support in [Windows Defender Application Guard](#windows-defender-application-guard) is also improved.
+
+
+## See Also
+
+[Windows 10 Features](https://www.microsoft.com/windows/features): Review general information about Windows 10 features.
+[What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10.
+[What's new in Windows 10, version 1709](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See what’s new in Windows 10 hardware.
+[Windows 10 Fall Creators Update Next Generation Security](https://www.youtube.com/watch?v=JDGMNFwyUg8): YouTube video about Windows Defender ATP in Windows 10, version 1709.