Merge remote-tracking branch 'upstream/master' into surface-devices-jkaiser

devices/hololens/TOC.md

@@ -5,6 +5,7 @@
 ## [Get your HoloLens 2 ready to use](hololens2-setup.md)
 ## [Set up your HoloLens 2](hololens2-start.md)
 ## [HoloLens 2 fit and comfort FAQ](hololens2-fit-comfort-faq.md)
+## [Frequently asked questions about cleaning HoloLens 2 devices](hololens2-maintenance.md)
 ## [Supported languages for HoloLens 2](hololens2-language-support.md)
 ## [Getting around HoloLens 2](hololens2-basic-usage.md)
 
@@ -58,12 +59,15 @@
 ## [Update HoloLens](hololens-update-hololens.md)
 ## [Restart, reset, or recover HoloLens](hololens-recovery.md)
 ## [Troubleshoot HoloLens issues](hololens-troubleshooting.md)
+## [Collect diagnostic information from HoloLens devices](hololens-diagnostic-logs.md)
 ## [Known issues for HoloLens](hololens-known-issues.md)
 ## [Frequently asked questions](hololens-faq.md)
 ## [Frequently asked security questions](hololens-faq-security.md)
 ## [Status of the HoloLens services](hololens-status.md)
 ## [Get support](https://support.microsoft.com/supportforbusiness/productselection?sapid=3ec35c62-022f-466b-3a1e-dbbb7b9a55fb)
-## [SCEP whitepaper](scep-whitepaper.md)
+
+# Resources
+## [Windows Autopilot for HoloLens 2 evaluation guide](hololens2-autopilot.md)
 
 # [HoloLens release notes](hololens-release-notes.md)
 # [Give us feedback](hololens-feedback.md)

devices/hololens/change-history-hololens.md

@@ -1,7 +1,7 @@
 ---
 title: Change history for Microsoft HoloLens documentation
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 description: This topic lists new and updated topics for HoloLens.
 keywords: change history
 ms.prod: hololens

devices/hololens/holographic-3d-viewer-beta.md

@@ -1,6 +1,6 @@
 ---
-title: Using 3D Viewer on HoloLens
-description: Describes the types of files and features that 3D Viewer Beta on HoloLens supports, and how to use and troubleshoot the app.
+title: Using 3D Viewer Beta on HoloLens
+description: Describes the types of files and features that 3D Viewer Beta on HoloLens (1st gen) supports, and how to use and troubleshoot the app.
 ms.prod: hololens
 ms.sitesec: library
 author: Teresa-Motiv
@@ -15,15 +15,18 @@ appliesto:
 - HoloLens (1st gen)
 ---
 
-# Using 3D Viewer on HoloLens
+# Using 3D Viewer Beta on HoloLens
 
-3D Viewer lets you view 3D models on HoloLens. You can open and view *supported* .fbx files from Microsoft Edge, OneDrive, and other apps.
+3D Viewer Beta lets you view 3D models on HoloLens (1st gen). You can open and view *supported* .fbx files from Microsoft Edge, OneDrive, and other apps.
 
-If you're having trouble opening a 3D model in 3D Viewer, or certain features of your 3D model are unsupported, see [Supported content specifications](#supported-content-specifications).
+>[!NOTE]
+>This article applies to the immersive Unity **3D Viewer Beta** app, which supports .fbx files and is only available on HoloLens (1st gen). The pre-installed **3D Viewer** app on HoloLens 2 supports opening custom .glb 3D models in the mixed reality home (see [Asset requirements overview](https://docs.microsoft.com/windows/mixed-reality/creating-3d-models-for-use-in-the-windows-mixed-reality-home#asset-requirements-overview) for more details. 
 
-To build or optimize 3D models for use with 3D Viewer, see [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer-beta).
+If you're having trouble opening a 3D model in 3D Viewer Beta, or certain features of your 3D model are unsupported, see [Supported content specifications](#supported-content-specifications).
 
-There are two ways to open a 3D model on HoloLens. See [Viewing 3D models on HoloLens](#viewing-3d-models-on-hololens) to learn more.
+To build or optimize 3D models for use with 3D Viewer Beta, see [Optimizing 3D models for 3D Viewer Beta](#optimizing-3d-models-for-3d-viewer-beta).
+
+There are two ways to open a 3D model on HoloLens. See [Viewing FBX files on HoloLens](#viewing-fbx-files-on-hololens) to learn more.
 
 If you're having trouble after reading these topics, see [Troubleshooting](#troubleshooting).
 
@@ -122,7 +125,7 @@ By default, 3D Viewer Beta displays 3D models at a comfortable size and position
 
 To prevent scaling of the model, add a Boolean custom attribute to any object in the scene named Microsoft_DisableScale and set it to true. 3D Viewer Beta will then respect the FbxSystemUnit information baked into the FBX file. Scale in 3D Viewer Beta is 1 meter per FBX unit.
 
-## Viewing 3D models on HoloLens
+## Viewing FBX files on HoloLens
 
 ### Open an FBX file from Microsoft Edge
 

devices/hololens/hololens-calibration.md

@@ -86,6 +86,8 @@ If calibration is unsuccessful try:
 
 If you followed all guidelines and calibration is still failing, please let us know by filing feedback in [Feedback Hub](hololens-feedback.md).
 
+Note that setting IPD is not applicable for Hololens 2, since eye positions are computed by the system. 
+
 ### Calibration data and security
 
 Calibration information is stored locally on the device and is not associated with any account information. There is no record of who has used the device without calibration. This mean new users will get prompted to calibrate visuals when they use the device for the first time, as well as users who opted out of calibration previously or if calibration was unsuccessful.
@@ -105,6 +107,8 @@ You can also disable the calibration prompt by following these steps:
 ### HoloLens 2 eye-tracking technology
 
 The device uses its eye-tracking technology to improve display quality, and to ensure that all holograms are positioned accurately and comfortable to view in 3D. Because it uses the eyes as landmarks, the device can adjust itself for every user and tune its visuals as the headset shifts slightly throughout use.  All adjustments happen on the fly without a need for manual tuning.
+> [!NOTE]
+> Setting the IPD is not applicable for Hololens 2, since eye positions are computed by the system.
 
 HoloLens applications use eye tracking to track where you are looking in real time. This is the main capability developers can leverage to enable a whole new level of context, human understanding and interactions within the Holographic experience. Developers don’t need to do anything to leverage this capability.
 

devices/hololens/hololens-connect-devices.md

@@ -32,7 +32,7 @@ HoloLens (1st gen) supports the following classes of Bluetooth devices:
 - HoloLens (1st gen) clicker
 
 > [!NOTE]
-> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may be listed as available in HoloLens settings. However, these devices aren't supported on HoloLens (1st gen). For more information, see [I'm having problems pairing or using a Bluetooth device](hololens-FAQ.md#im-having-problems-pairing-or-using-a-bluetooth-device).
+> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may be listed as available in HoloLens settings. However, these devices aren't supported on HoloLens (1st gen). For more information, see [HoloLens Settings lists devices as available, but the devices don't work](hololens-FAQ.md#hololens-settings-lists-devices-as-available-but-the-devices-dont-work).
 
 ### Pair a Bluetooth keyboard or mouse
 

devices/hololens/hololens-cortana.md

@@ -30,7 +30,7 @@ This article teaches you how to control HoloLens and your holographic world with
 
 ## Built-in voice commands
 
-Get around HoloLens faster with these basic commands. In order to use these you need to enable Speech during first run of the device or in **Settings** > **Privacy** > **Speech**. You can always check whether speech is enabled by looking at the status at the top of Start menu.
+Get around HoloLens faster with these basic commands. In order to use these, you need to enable Speech during the first run of the device or in **Settings** > **Privacy** > **Speech**. You can always check whether speech is enabled by looking at the status at the top of the Start menu. For the best speech recognition results, HoloLens 2 uses the Microsoft cloud-based services. However, you can use Settings to disable this feature. To do this, in Settings, turn off **Online speech recognition**. After you change this setting, HoloLens 2 will only process voice data locally to recognize commands and dictation, and Cortana will not be available.
 
 ### General speech commands
 
@@ -48,6 +48,19 @@ Use these commands throughout Windows Mixed Reality to get around faster. Some c
 |Hide and show hand ray | "Hide hand ray" / "Show hand ray" |
 |See available speech commands | "What can I say?" |
 
+Starting with version 19041.x of HoloLens 2, you can also use these commands:
+
+| Say this | To do this |
+| - | - |
+| "Restart device" | Bring up a dialogue to confirm you want to restart the device. You can say "yes" to restart. |
+| "Shutdown device" | Bring up a dialogue to confirm you want to turn off the device. You can say "yes" to confirm. |
+| "Brightness up/down" | Increase or decrease the display brightness by 10%. |
+| "Volume up/down" | Increase or decrease the volume by 10%. |
+| "What's my IP address" | Bring up a dialogue displaying your device's current IP address on the local network. |
+| "Take a picture" | Capture a mixed reality photo of what you are currently seeing. |
+| "Take a video" | Start recording a mixed reality video. | 
+| "Stop recording" | Stops the current mixed reality video recording if one is in progress. |
+
 ### Hologram commands
 
 To use these commands, gaze at a 3D object, hologram, or app window.
@@ -87,7 +100,7 @@ Sometimes it's helpful to spell out things like email addresses. For instance, t
 
 ## Do more with Cortana
 
-Cortana can help you do all kinds of things on your HoloLens, from searching the web to shutting down your device. She can give you suggestions, ideas, reminders, alerts, and more. To get her attention, select Cortana  on **Start** or say "Hey Cortana" anytime.
+Cortana can help you do all kinds of things on your HoloLens, but depending on which version of Windows Holographic you're using, the capablities may be different. You can learn more about the updated capabilites of the latest version of Cortana [here](https://blogs.windows.com/windowsexperience/2020/02/28/cortana-in-the-upcoming-windows-10-release-focused-on-your-productivity-with-enhanced-security-and-privacy/). 
 
 ![Hey Cortana!](images/cortana-on-hololens.png)
 
@@ -96,22 +109,27 @@ Here are some things you can try saying (remember to say "Hey Cortana" first).
 **Hey, Cortana**...
 
 - What can I say?
+- Launch <*app name*>.
+- What time is it?
+- Show me the latest NBA scores.
+- Tell me a joke.
+
+If you're using *version 18362.x or earlier*, you can also use these commands:
+
+**Hey, Cortana**...
+
 - Increase the volume.
 - Decrease the brightness.
 - Shut down.
 - Restart.
 - Go to sleep.
 - Mute.
-- Launch <*app name*>.
 - Move <*app name*> here (gaze at the spot that you want the app to move to).
 - Go to Start.
 - Take a picture.
 - Start recording. (Starts recording a video.)
 - Stop recording. (Stops recording a video.)
-- What time is it?
-- Show me the latest NBA scores.
 - How much battery do I have left?
-- Tell me a joke.
 
 Some Cortana features that you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens, and the Cortana experience may vary from one region to another.
 

devices/hololens/hololens-diagnostic-logs.md

@@ -0,0 +1,269 @@
+---
+title: Collect and use diagnostic information from HoloLens devices
+description: 
+author: Teresa-Motiv
+ms.author: v-tea
+ms.date: 03/23/2020
+ms.prod: hololens
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.topic: article
+ms.custom: 
+- CI 115131
+- CSSTroubleshooting
+audience: ITPro
+ms.localizationpriority: medium
+keywords: 
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Collect and use diagnostic information from HoloLens devices
+
+HoloLens users and administrators can choose from among four different methods to collect diagnostic information from HoloLens:
+
+- Feedback Hub app
+- DiagnosticLog CSP
+- Settings app
+- Fallback diagnostics
+
+> [!IMPORTANT]  
+> Device diagnostic logs contain personally identifiable information (PII), such as about what processes or applications the user starts during typical operations. When multiple users share a HoloLens device (for example, users sign in to the same device by using different Microsoft Azure Active Directory (AAD) accounts) the diagnostic logs may contain PII information that applies to multiple users. For more information, see [Microsoft Privacy statement](https://privacy.microsoft.com/privacystatement).
+
+The following table compares the four collection methods. The method names link to more detailed information in the sections that follow the table.
+
+|Method |Prerequisites |Data locations |Data access and use |Data retention |
+| --- | --- | --- | --- | --- |
+|[Feedback Hub](#feedback-hub) |Network and internet connection<br /><br />Feedback Hub app<br /><br />Permission to upload files to the Microsoft cloud |Microsoft cloud<br /><br />HoloLens device (optional) |User requests assistance, agrees to the terms of use, and uploads the data<br /><br />Microsoft employees view the data, as consistent with the terms of use |Data in the cloud is retained for the period that is defined by Next Generation Privacy (NGP). Then the data is deleted automatically.<br /><br />Data on the device can be deleted at any time by a user who has **Device owner** or **Admin** permissions. |
+|[Settings Troubleshooter](#settings-troubleshooter) |Settings app |HoloLens device<br /><br />Connected computer (optional) |The user stores the data, and only the user accesses the data (unless the user specifically shares the data with another user). |The data is retained until the user deletes it. |
+|[DiagnosticLog CSP](#diagnosticlog-csp) |Network connection<br /><br />MDM environment that supports the DiagnosticLog CSP |Administrator configures storage locations |In the managed environment, the user implicitly consents to administrator access to the data.<br /><br />Administrator configures access roles and permissions. | Administrator configures retention policy. |
+|[Fallback diagnostics](#fallback-diagnostics) |Device configuration:<ul><li>Powered on and connected to computer</li><li>Power and Volume buttons functioning</li></ul> |HoloLens device<br /><br />Connected computer |The user stores the data, and only the user accesses the data (unless the user specifically shares the data with another user). |The data is retained until the user deletes it. |
+
+## Feedback Hub
+
+A HoloLens user can use the Microsoft Feedback Hub desktop app to send diagnostic information to Microsoft Support. For details and complete instructions, see [Give us feedback](hololens-feedback.md).  
+
+> [!NOTE]  
+> **Commercial or enterprise users:** If you use the Feedback Hub app to report a problem that relates to MDM, provisioning, or any other device management aspect, change the app category to **Enterprise Management** > **Device category**.
+
+### Prerequisites
+
+- The device is connected to a network.
+- The Feedback Hub app is available on the user's desktop computer, and the user can upload files to the Microsoft cloud.
+
+### Data locations, access, and retention
+
+By agreeing to the terms-of-use of the Feedback Hub, the user explicitly consents to the storage and usage of the data (as defined by that agreement).
+
+The Feedback Hub provides two places for the user to store diagnostic information:
+
+- **The Microsoft cloud**. Data that the user uploads by using the Feedback Hub app is stored for the number of days that is consistent with Next Generation Privacy (NGP) requirements. Microsoft employees can use an NGP-compliant viewer to access the information during this period.
+   > [!NOTE]  
+   > These requirements apply to data in all Feedback Hub categories.
+
+- **The HoloLens device**. While filing a report in Feedback Hub, the user can select **Save a local copy of diagnostics and attachments created when giving feedback**. If the user selects this option, the Feedback Hub stores a copy of the diagnostic information on the HoloLens device. This information remains accessible to the user (or anyone that uses that account to sign in to HoloLens). To delete this information, a user must have **Device owner** or **Admin** permissions on the device. A user who has the appropriate permissions can sign in to the Feedback Hub, select **Settings** > **View diagnostics logs**, and delete the information.
+
+## Settings Troubleshooter
+
+A HoloLens user can use the Settings app on the device to troubleshoot problems and collect diagnostic information. To do this, follow these steps:
+
+1. Open the Settings app and select **Update & Security** > **Troubleshoot** page.
+1. Select the appropriate area, and select **Start**.
+1. Reproduce the issue.
+1. After you reproduce the issue, return to Settings and then select **Stop**.
+
+### Prerequisites
+
+- The Settings app is installed on the device and is available to the user.
+
+### Data locations, access, and retention
+
+Because the user starts the data collection, the user implicitly consents to the storage of the diagnostic information. Only the user, or anyone with whom that the user shares the data, can access the data.
+
+The diagnostic information is stored on the device. If the device is connected to the user's computer, the information also resides on the computer in the following file:
+
+> This PC\\\<*HoloLens device name*>\\Internal Storage\\Documents\\Trace\<*ddmmyyhhmmss*>.etl
+
+> [!NOTE]  
+> In this file path and name, \<*HoloLens device name*> represents the name of the HoloLens device, and \<*ddmmyyhhmmss*> represents the date and time that the file was created.
+
+The diagnostic information remains in these locations until the user deletes it.
+
+## DiagnosticLog CSP
+
+In a Mobile Device Management (MDM) environment, the IT administrator can use the the [DiagnosticLog configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/diagnosticlog-csp) to configure diagnostic settings on enrolled HoloLens devices. The IT administrator can configure these settings to collect logs from enrolled devices.
+
+### Prerequisites
+
+- The device is connected to a network.
+- The device is enrolled in an MDM environment that supports the DiagnosticLog CSP.
+
+### Data locations, access, and retention
+
+Because the device is part of the managed environment, the user implicitly consents to administrative access to diagnostic information.
+
+The IT administrator uses the DiagnosticLog CSP to configure the data storage, retention, and access policies, including the policies that govern the following:
+
+- The cloud infrastructure that stores the diagnostic information.
+- The retention period for the diagnostic information.
+- Permissions that control access to the diagnostic information.
+
+## Fallback diagnostics
+
+While device telemetry usually provides an initial understanding of a problem report, some issues require a broader and deeper understanding of the device state. When you (as a user or an administrator) investigate such issues, diagnostic logs that reside on the device are more useful than the basic device telemetry.
+
+The fallback diagnostics process provides a way for you to gather diagnostic information if no other methods are available. Such scenarios include the following:
+
+- The network or network-based resources (such as the Feedback Hub, MDM, and so on) are not available.
+- The device is "stuck" or locked in a state in which usual troubleshooting capabilities (such as the Settings app) are not available. Such scenarios include the Out-of-Box-Experience (OOBE), kiosk mode, and a locked or "hung" user interface.
+
+> [!IMPORTANT]  
+> - On HoloLens 2 devices, you can use fallback diagnostics under the following conditions only:
+>   - During the Out-of-the-Box-Experience (OOBE) and when you select **Send Full Diagnostics Data**.
+>   - If the environment's Group Policy enforces the **System\AllowTelemetry** policy value of **Full**.
+> - On HoloLens (1st gen) devices, you can use fallback diagnostics on HoloLens version 17763.316 or a later version. This version is the version that the Windows Device Recovery Tool restores when it resets the device.  
+
+### How to use fallback diagnostics
+
+Before you start the fallback diagnostics process, make sure of the following:
+
+- The device is connected to a computer by using a USB cable.
+- The device is powered on.
+- The Power and Volume buttons on the device are functioning correctly.
+
+To collect fallback diagnostic information, follow these steps:
+
+1. On the device, press the Power and Volume Down buttons at the same time and then release them.
+1. Wait for few seconds while the device collects the data.
+
+### Data locations
+
+The device stores the data locally. You can access that information from the connected desktop computer at the following location:
+
+> This PC\\\<*HoloLens device name*>\\Internal Storage\\Documents
+
+For more information about the files that the fallback diagnostics process collects, see [What diagnostics files does the fallback diagnostics process collect?](#what-diagnostics-files-does-the-fallback-diagnostics-process-collect).
+
+### Data access, use, and retention
+
+Because you store the data yourself, only you have access to the data. If you choose to share the data with another user, you implicitly grant permission for that user to access or store the data.
+
+The data remains until you delete it.
+
+### Frequently asked questions about fallback diagnostics on HoloLens
+
+#### Does the device have to be enrolled with an MDM system?
+
+No.
+
+#### How can I use fallback diagnostics on HoloLens?
+
+Before you start the fallback diagnostics process, make sure of the following:
+
+- The device is connected to a computer by using a USB cable.
+- The device is powered on.
+- The Power and Volume buttons on the device are functioning correctly.
+
+To collect fallback diagnostic information, follow these steps:
+
+1. On the device, press the Power and Volume Down buttons at the same time and then release them.
+1. Wait for few seconds while the device collects the data.
+
+#### How would I know that data collection finished?
+
+The fallback diagnostics process does not have a user interface. On HoloLens 2, when the process starts to collect data, it creates a file that is named HololensDiagnostics.temp. When the process finishes, it removes the file.
+
+#### What diagnostics files does the fallback diagnostics process collect?
+
+The fallback diagnostics process collects one or more .zip files, depending on the version of HoloLens. The following table lists each of the possible .zip files, and the applicable versions of HoloLens.
+
+|File |Contents |HoloLens (1st gen) |HoloLens 2 10.0.18362+ |HoloLens 2 10.0.19041+ |
+| --- | --- | --- | --- | --- |
+|HololensDiagnostics.zip |Files&nbsp;for&nbsp;tracing sessions that ran on the device.<br /><br />Diagnostic information that's specific to Hololens. |✔️ |✔️ |✔️ |
+|DeviceEnrollmentDiagnostics.zip |Information that's related to MDM, device enrollment, CSPs, and policies. | |✔️ |✔️ |
+|AutoPilotDiagnostics.zip |Information that's related to autopilot and licensing.| | |✔️ |
+|TPMDiagnostics.zip |Information that's related to the trusted platform module (TPM) on the device | | |✔️ |
+
+> [!NOTE]  
+> Starting on May 2, 2019, the fallback diagnostics process collects EventLog*.etl files only if the signed-in user is the device owner. This is because these files may contain PII data. Such data is accessible to device owners only. This behavior matches the behavior of Windows desktop computers, where administrators have access to event log files but other users do not.
+
+**Sample diagnostic content for HoloLens (1st gen)**
+
+HololensDiagnostics.zip contains files such as the following:
+
+- AuthLogon.etl
+- EventLog-HupRe.etl.001
+- FirstExperience.etl.001
+- HetLog.etl
+- HoloInput.etl.001
+- HoloShell.etl.001
+- WiFi.etl.001
+
+**Sample diagnostic content for HoloLens 2 10.0.18362+**
+
+HololensDiagnostics.zip contains files such as the following:
+
+- EventLog-Application.etl.001*
+- EventLog-System.etl.001*
+- AuthLogon.etl
+- EventLog-HupRe.etl.001
+- FirstExperience.etl.001
+- HetLog.etl
+- HoloInput.etl.001
+- HoloShell.etl.001
+- WiFi.etl.001
+- CSPsAndPolicies.etl.001
+- RadioMgr.etl
+- WiFiDriverIHVSession.etl
+
+DeviceEnrollmentDiagnostics.zip contains files such as the following:
+
+- MDMDiagHtmlReport.html
+- MdmDiagLogMetadata.json
+- MDMDiagReport.xml
+- MdmDiagReport_RegistryDump.reg
+- MdmLogCollectorFootPrint.txt
+
+**Sample diagnostic content for HoloLens 2 10.0.19041+**
+
+HololensDiagnostics.zip contains files such as the following:
+
+- EventLog-Application.etl.001*
+- EventLog-System.etl.001*
+- AuthLogon.etl
+- EventLog-HupRe.etl.001
+- FirstExperience.etl.001
+- HetLog.etl
+- HoloInput.etl.001
+- HoloShell.etl.001
+- WiFi.etl.001
+- CSPsAndPolicies.etl.001
+- RadioMgr.etl
+- WiFiDriverIHVSession.etl
+- DisplayDiagnosticData.json
+- HUP dumps
+
+DeviceEnrollmentDiagnostics.zip contains files such as the following:
+
+- MDMDiagHtmlReport.html
+- MdmDiagLogMetadata.json
+- MDMDiagReport.xml
+- MdmDiagReport_RegistryDump.reg
+- MdmLogCollectorFootPrint.txt
+
+AutoPilotDiagnostics.zip contains files such as the following:
+
+- DeviceHash_HoloLens-U5603.csv
+- LicensingDiag.cab
+- LicensingDiag_Output.txt
+- TpmHliInfo_Output.txt
+- DiagnosticLogCSP_Collector_DeviceEnrollment_\*.etl
+- DiagnosticLogCSP_Collector_Autopilot_*.etl
+
+TPMDiagnostics.zip contains files such as the following:
+
+- CertReq_enrollaik_Output.txt
+- CertUtil_tpminfo_Output.txt
+- TPM\*.etl

devices/hololens/hololens-encryption.md

@@ -10,7 +10,7 @@ ms.topic: article
 ms.localizationpriority: medium
 ms.date: 01/26/2019
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 appliesto:
 - HoloLens (1st gen)
 ---

devices/hololens/hololens-enroll-mdm.md

@@ -10,7 +10,7 @@ ms.topic: article
 ms.localizationpriority: medium
 ms.date: 07/15/2019
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 appliesto:
 - HoloLens (1st gen)
 - HoloLens 2

devices/hololens/hololens-faq-security.md

@@ -73,8 +73,6 @@ appliesto:
 1. **When a PKI cert is being generated for trusted communication, we want the cert to be generated on the device so that we know it's only on that device, unique to that device, and can't be exported or used to impersonate the device. Is this true on HoloLens? If not is there a potential mitigation?**
     1. CSR for SCEP is generated on the device itself. Intune and the on premise SCEP connector help secure the requests themselves by adding and verifying a challenge string that's sent to the client.
     1. Since HoloLens (1st Gen and 2nd Gen) have a TPM module, these certs would be stored in the TPM module, and are unable to be extracted. Additionally, even if it could be extracted, the challenge strings couldn't be verified on a different device, rendering the certs/key unusable on different devices.
-1. **SCEP is vulnerable. How does Microsoft mitigate the known vulnerabilities of SCEP?**
-    1. This [SCEP Whitepaper](scep-whitepaper.md) addresses how Microsoft mitigates SCEP vulnerabilities.
 
 ## HoloLens 2nd Gen Security Questions
 
@@ -125,5 +123,3 @@ appliesto:
 1. **When a PKI cert is being generated for trusted communication, we want the cert to be generated on the device so that we know it's only on that device, unique to that device, and can't be exported or used to impersonate the device. Is this true on HoloLens? If not is there a potential mitigation?**
     1. CSR for SCEP is generated on the device itself. Intune and the on premise SCEP connector help secure the requests themselves by adding and verifying a challenge string that's sent to the client.
     1. Since HoloLens (1st Gen and 2nd Gen) have a TPM module, these certs would be stored in the TPM module, and are unable to be extracted. Additionally, even if it could be extracted, the challenge strings couldn't be verified on a different device, rendering the certs/key unusable on different devices.
-1. **SCEP is vulnerable. How does Microsoft mitigate the known vulnerabilities of SCEP?**
-    1. This [SCEP Whitepaper](scep-whitepaper.md) addresses how Microsoft mitigates SCEP vulnerabilities.

devices/hololens/hololens-insider.md

@@ -13,7 +13,7 @@ ms.localizationpriority: medium
 audience: ITPro
 ms.date: 1/6/2020
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 appliesto:
 - HoloLens 2
 ---
@@ -36,13 +36,13 @@ If you no longer want to receive Insider builds of Windows Holographic, you can
 
 To verify that your HoloLens is running a production build:
 
-- Go to **Settings > System > About**, and find the build number.
-- [See the release notes for production build numbers.](hololens-release-notes.md)
+1. Go to **Settings > System > About**, and find the build number.
+1. [See the release notes for production build numbers.](hololens-release-notes.md)
 
 To opt out of Insider builds:
 
-- On a HoloLens running a production build, go to **Settings > Update & Security > Windows Insider Program**, and select **Stop Insider builds**.
-- Follow the instructions to opt out your device.
+1. On a HoloLens running a production build, go to **Settings > Update & Security > Windows Insider Program**, and select **Stop Insider builds**.
+1. Follow the instructions to opt out your device.
 
 ## Provide feedback and report issues
 
@@ -65,8 +65,9 @@ Here's a quick summary of what's new:
 - Seamlessly apply a provisioning package from a USB drive to your HoloLens
 - Use a provisioning packages to enroll your HoloLens to your Mobile Device Management system
 - Use Windows AutoPilot to set up and pre-configure new devices, quickly getting them ready for productive use.  Send a note to hlappreview@microsoft.com to join the preview.
-- Dark Mode - many Windows apps support both dark and light modes, and now HoloLens customers can choose the default mode for apps that support both color schemes! Based on customer feedback, with this update we are setting the default app mode to "dark," but you can easily change this setting at any time. Navigate to Settings > System > Colors to find "Choose your default app mode."
+- Dark Mode - HoloLens customers can now choose the default mode for apps that support both color schemes! Based on customer feedback, with this update we are setting the default app mode to "dark," but you can easily change this setting at any time.
 - Support for additional system voice commands
+- An updated Cortana app with a focus on productivity
 - Hand Tracking improvements to reduce the tendency to close the index finger when pointing. This should make button pressing and 2D slate usage feel more accurate
 - Performance and stability improvements across the product
 - More information in settings on HoloLens about the policy pushed to the device
@@ -95,9 +96,30 @@ You can now can access these commands with your voice:
 - "Volume up"
 - "Volume down"
 - "What is my IP address?"
+- "Take a picture"
+- "Take a video" / "Stop recording"
 
 If you're running your system with a different language, please try the appropriate commands in that language.
 
+### Cortana updates
+The updated app integrates with Microsoft 365, currently in English (United States) only, to help you get more done across your devices. On HoloLens 2, Cortana will no longer support certain device-specific commands like adjusting the volume or restarting the device, which are now supported with the new system voice commands above. Learn more about the new Cortana app and its direction on our blog [here](https://blogs.windows.com/windowsexperience/2020/02/28/cortana-in-the-upcoming-windows-10-release-focused-on-your-productivity-with-enhanced-security-and-privacy/). 
+
+There's currently an issue we're investigating that requires you to launch the app once after booting the device in order to use the "Hey Cortana" keyword activation, and if you updated from a 18362 build, you may see an app tile for the previous version of the Cortana app in Start that no longer works. 
+
+### Dark mode
+Many Windows apps support both dark and light modes, and now HoloLens customers can choose the default mode for apps that support both. Once updated, the default app mode will be "dark," but can be changed easily. Navigate to **Settings > System > Colors to find "Choose your default app mode."**
+Here are some of the in-box apps that support Dark mode!
+- Settings
+- Microsoft Store
+- Mail
+- Calendar
+- File Explorer
+- Feedback Hub
+- OneDrive
+- Photos
+- 3D Viewer
+- Movies & TV
+
 ### FFU download and flash directions
 To test with a flight signed ffu, you first have to flight unlock your device prior to flashing the flight signed ffu.
 1. On PC

devices/hololens/hololens-kiosk.md

@@ -12,7 +12,7 @@ ms.custom:
 - CI 111456
 - CSSTroubleshooting
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 appliesto:
 - HoloLens (1st gen)
 - HoloLens 2

devices/hololens/hololens-multiple-users.md

@@ -9,7 +9,7 @@ ms.topic: article
 ms.localizationpriority: medium
 ms.date: 09/16/2019
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 appliesto:
 - HoloLens (1st gen)
 - HoloLens 2

devices/hololens/hololens-provisioning.md

@@ -16,7 +16,7 @@ ms.custom:
 ms.localizationpriority: medium
 ms.date: 03/10/2020
 ms.reviewer: Teresa-Motiv
-manager: dansimp
+manager: laurawi
 appliesto:
 - HoloLens (1st gen)
 - HoloLens 2

devices/hololens/hololens-release-notes.md

@@ -3,7 +3,7 @@ title: HoloLens release notes
 description: Learn about updates in each new HoloLens release.
 author: scooley
 ms.author: scooley
-manager: dansimp
+manager: laurawi
 ms.prod: hololens
 ms.sitesec: library
 ms.topic: article
@@ -26,6 +26,37 @@ appliesto:
 > [!Note]
 > HoloLens Emulator Release Notes can be found [here](https://docs.microsoft.com/windows/mixed-reality/hololens-emulator-archive).
 
+### April Update - build 18362.1059
+
+**Dark mode for supported apps** 
+
+Many Windows apps support both dark and light modes, and soon HoloLens 2 customers can choose the default mode for apps that support both color schemes! Based on overwhelmingly positive customer feedback, with this update we are setting the default app mode to "dark," but you can easily change this setting at any time.
+Navigate to **Settings > System > Colors** to find **"Choose your default app mode."**
+
+Here are some of the in-box apps that support dark mode:
+- Settings
+- Microsoft Store
+- Mail
+- Calendar
+- File Explorer
+- Feedback Hub
+- OneDrive
+- Photos
+- 3D Viewer
+- Movies & TV
+
+**Improvements and fixes also in the update:** 
+- Ensure shell overlays are included in mixed reality captures.
+- Unreal developers are now able to use the 3D View page in Device Portal to test and debug their applications.
+- Improve hologram stability in mixed reality capture when the HolographicDepthReprojectionMethod DepthReprojection algorithm is used.
+- Fixed WinRT IStreamSocketListener API Class Not Registered error on 32-bit ARM app.
+
+### March Update - build 18362.1056
+
+- Improve hologram stability in mixed reality capture when the HolographicDepthReprojectionMethod AutoPlanar algorithm is used.
+- Ensures the coordinate system attached to a depth MF sample is consistent with public documentation.
+- Developers productivity improvement by enabling customers to paste large amount of text through device portal.
+
 ### February Update - build 18362.1053
 
 - Temporarily disabled the HolographicSpace.UserPresence API for Unity applications to avoid an issue which causes some apps to pause when the visor is flipped up, even if the setting to run in the background is enabled.

devices/hololens/hololens-updates.md

@@ -8,10 +8,11 @@ ms.author: v-tea
 audience: ITPro
 ms.topic: article
 ms.localizationpriority: high
-ms.date: 11/7/2019
+ms.date: 03/24/2020
 ms.reviewer: jarrettr
 manager: jarrettr
 ms.custom: 
+- CI 115825
 - CI 111456
 - CSSTroubleshooting
 appliesto:
@@ -21,80 +22,195 @@ appliesto:
 
 # Manage HoloLens updates
 
-HoloLens uses Windows Update, just like other Windows 10 devices. When an update is available, it will be automatically downloaded and installed the next time your device is plugged in and connected to the Internet.
+HoloLens uses Windows Update in the same manner as other Windows 10 devices. When an update is available, it is automatically downloaded and installed the next time that your device is plugged in and connected to the internet. This article describes how to manage updates in an enterprise or other managed environment. For information about managing updates to individual HoloLens devices, see [Update HoloLens](hololens-update-hololens.md).
 
-This article will walk through all of the way to manage updates on HoloLens.
+## Manage updates automatically
 
-## Manually check for updates
+Windows Holographic for Business can use [Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb) to manage updates. All HoloLens 2 devices can use Windows Holographic for Business. Make sure that they use Windows Holographic for Business build 10.0.18362.1042 or a later build. If you have HoloLens (1st gen) devices, you have to [upgrade them to Windows Holographic for Business](hololens1-upgrade-enterprise.md) to manage their updates.
 
-While HoloLens periodically checks for system updates so you don't have to, there may be circumstances in which you want to manually check.
+Windows Update for Business connects HoloLens devices directly to the Windows Update service. By using Windows Update for Business, you can control multiple aspects of the update process—that is, which devices get which updates at what time. For example, you can roll out updates to a subset of devices for testing, then roll out updates to the remaining devices at a later date. Or, you can define different update schedules for different types of updates.
 
-To manually check for updates, go to **Settings** > **Update & Security** > **Check for updates**. If the Settings app says your device is up to date, you have all the updates that are currently available.
+> [!NOTE]  
+> For HoloLens devices, you can automatically manage feature updates (released twice a year) and quality updates (released monthly or as required, including critical security updates). For more information about update types, see [Types of updates managed by Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb#types-of-updates-managed-by-windows-update-for-business).
 
-## Go back to a previous version (HoloLens 2)
+You can configure Windows Update for Business settings for HoloLens by using policies in a Mobile Device Management (MDM) solution such as Microsoft Intune.
 
-In some cases, you might want to go back to a previous version of the HoloLens software. You can do this by using the Advanced Recovery Companion to reset your HoloLens to the earlier version.
+For a detailed discussion about how to use Intune to configure Windows Update for Business, see [Manage Windows 10 software updates in Intune](https://docs.microsoft.com/intune/protect/windows-update-for-business-configure).
 
-> [!NOTE]
-> Going back to an earlier version deletes your personal files and settings.
+> [!IMPORTANT]  
+> Intune provides two policy types for managing updates: *Windows 10 update ring* and *Windows 10 feature updates*. The Windows 10 feature update policy type is in public preview at this time and is not supported for HoloLens.
+>  
+> You can use Windows 10 update ring policies to manage HoloLens 2 updates.
 
-To go back to a previous version of HoloLens 2, follow these steps:
+### Configure update policies for HoloLens 2 or HoloLens (1st gen)
 
-1. Make sure that you don't have any phones or Windows devices plugged in to your PC.
-1. On your PC, download the [Advanced Recovery Companion](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from the Microsoft Store.
-1. Download the [most recent HoloLens 2 release](https://aka.ms/hololens2download).
-1. When you have finished these downloads, open **File explorer** > **Downloads**. Right-click the zipped folder that you just downloaded, and select **Extract all** > **Extract** to unzip it.
-1. Connect your HoloLens to your PC using a USB-A to USB-C cable . (Even if you've been using other cables to connect your HoloLens, this one works best.)
-1. The Advanced Recovery Companion automatically detects your HoloLens. Select the **Microsoft HoloLens** tile.
-1. On the next screen, select **Manual package selection** and then select the installation file contained in the folder that you unzipped in step 4. (Look for a file with the .ffu extension.)
-1. Select **Install software**, and follow the instructions.
+This section describes the policies that you can use to manage updates for either HoloLens 2 or HoloLens (1st gen). For information about additional functionality that is available for HoloLens 2, see [Plan and configure update rollouts for HoloLens 2](#plan-and-configure-update-rollouts-for-hololens-2).
 
-## Go back to a previous version (HoloLens (1st gen))
+The [Policy configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update) defines the policies that configure Windows Update for Business.
 
-In some cases, you might want to go back to a previous version of the HoloLens software. You can do this by using the Windows Device Recovery Tool to reset your HoloLens to the earlier version.
+> [!NOTE]  
+> For details about specific policies that are supported by specific editions of HoloLens, see [Policies supported by HoloLens devices](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#policies-supported-by-hololens-devices).
 
-> [!NOTE]
-> Going back to an earlier version deletes your personal files and settings.
+#### Configure automatic checks for updates
 
-To go back to a previous version of HoloLens (1st gen), follow these steps:
+You can use the **Update/AllowAutoUpdate** policy to manage automatic update behavior, such as scanning, downloading, and installing updates.
 
-1. Make sure that you don't have any phones or Windows devices plugged in to your PC.
-1. On your PC, download the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379).
-1. Download the [HoloLens Anniversary Update recovery package](https://aka.ms/hololensrecovery).
-1. When the downloads finish, open **File explorer** > **Downloads**. Right-click the zipped folder you just downloaded, and select **Extract all** > **Extract** to unzip it.
-1. Connect your HoloLens to your PC using the micro-USB cable that it came with. (Even if you've been using other cables to connect your HoloLens, this one works best.)
-1. The WDRT will automatically detect your HoloLens. Select the **Microsoft HoloLens** tile.
-1. On the next screen, select **Manual package selection** and choose the installation file contained in the folder you unzipped in step 4. (Look for a file with the .ffu extension.)
-1. Select **Install software**, and follow the instructions.
+This policy supports the following values:
 
-> [!NOTE]
-> If the WDRT doesn't detect your HoloLens, try restarting your PC. If that doesn't work, select **My device was not detected**, select **Microsoft HoloLens**, and then follow the instructions.
+- **0** - Notify the user when there is an update that is ready to download that applies to the device.
+- **1** - Automatically install the update, and then notify the user to schedule a device restart.  
+- **2** - Automatically install the update, and then restart the device. This is the recommended value, and it is the default value for this policy.  
 
-## Use policies to manage updates to HoloLens
+- **3** - Automatically install the update, and then restart at a specified time. Specify the installation day and time. If no day and time are specified, the default is daily at 3 A.M.  
 
-> [!NOTE]
-> HoloLens (1st gen) devices must be [upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md) to manage updates.
+- **4** - Automatically install the update, and then restart the device. This option also sets the Settings page to read-only.
+
+- **5** - Turn off automatic updates.
+
+For more details about the available settings for this policy, see [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate).
+
+> [!NOTE]  
+> In Microsoft Intune, you can use **Automatic Update Behavior** to change this policy. For more information, see [Manage software updates in Microsoft Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure).
+
+#### Configure an update schedule
 
 To configure how and when updates are applied, use the following policies:
 
-- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate)
-- [Update/ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday)
-- [Update/ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime)
+- [Update/ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday).  
+   - Values: **0**–**7** (0 = every day, 1 = Sunday, 7 = Saturday)
+   - Default value: **0** (every day)
+- [Update/ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime).
+   - Values: 0–23 (0 = midnight, 23 = 11 P.M.)
+   - Default value: 3 P.M.
 
-To turn off the automatic check for updates, set the following policy to value **5** – Turn off Automatic Updates:
+#### For devices that run Windows 10, version 1607 only
 
-- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate)
-
-In Microsoft Intune, you can use **Automatic Update Behavior** to change this policy. (See [Manage software updates in Microsoft Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure))
-
-For devices on Windows 10, version 1607 only: You can use the following update policies to configure devices and get updates from the Windows Server Update Service (WSUS), instead of Windows Update:
+You can use the following update policies to configure devices to get updates from the Windows Server Update Service (WSUS), instead of Windows Update:
 
 - [Update/AllowUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowupdateservice)
 - [Update/RequireUpdateApproval](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-requireupdateapproval)
 - [Update/UpdateServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updateserviceurl)
 
-For more information about using policies to manage HoloLens, see the following articles:
+### Plan and configure update rollouts for HoloLens 2
 
-- [Policies supported by HoloLens 2](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#policies-supported-by-hololens-2)
-- [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#a-href-idhololenspoliciesapolicies-supported-by-windows-holographic-for-business)
-- [Manage software updates in Microsoft Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure)
+HoloLens 2 supports more update automation features than HoloLens (1st gen). this is especially true if you use Microsoft Intune to manage Windows Update for Business policy. These features make it easier for you to plan and implement update rollouts across your organization.
+
+#### Plan the update strategy
+
+Windows Updates for Business supports deferral policies. After Microsoft releases an update, you can use a deferral policy to define how long to wait before installing that update on devices. By associating subsets of your devices (referred to as *update rings*) with different deferral policies, you can coordinate an update rollout strategy for your organization.
+
+For example, consider an organization that has 1,000 devices and has to update them in five ways. The organization can create five update rings, as shown in the following table.
+
+|Group |Number of devices |Deferral (days) |
+| ---| :---: | :---: |
+|Grp 1 (IT staff) |5 |0 |
+|Grp 2 (early adopters) |50 |60 |
+|Grp 3 (main 1) |250 |120 |
+|Grp 4 (main 2) |300 |150 |
+|Grp 5 (main 3) |395 |180 |
+
+Here's how the rollout progresses over time to the entire organization.
+
+![Timeline for deploying updates](./images/hololens-updates-timeline.png)
+
+#### Configure an update deferral policy
+
+A deferral policy specifies the number of days between the date that an update becomes available and the date that the update is offered to a device.
+
+You can configure different deferrals for feature updates and quality updates. The following table lists the specific policies to use for each type, as well as the maximum deferral for each.
+
+|Category |Policy |Maximum deferral |
+| --- | --- | --- |
+|Feature updates |DeferFeatureUpdatesPeriodInDays |365 days |
+|Quality updates |DeferQualityUpdatesPeriodInDays |30 days |
+
+####  Examples: Using Intune to manage updates
+
+**Example 1: Create and assign an update ring**
+
+For a more detailed version of this example, see [Create and assign update rings](https://docs.microsoft.com/mem/intune/protect/windows-update-for-business-configure#create-and-assign-update-rings).
+
+1. Sign in to the [Microsoft Endpoint Manager Admin Center](https://go.microsoft.com/fwlink/?linkid=2109431), and navigate to your Intune profiles.
+1. Select **Software Updates** > **Windows 10 update rings** > **Create**.
+1. Under **Basics**, specify a name and a description (optional), and then select **Next**.
+1. Under **Update ring settings**, for **Servicing channel**, select **Semi-Annual Channel**, and then change **Feature update deferral period** to **120**. Then, select **Next**.
+1. Under **Assignments**, select **+ Select groups to include**, and then assign the update ring to one or more groups. Use **+ Select groups to exclude** to fine-tune the assignments. Then, select **Next**.
+1. Under **Review + create**, review the settings. When you're ready to save the update ring configuration, select **Create**.
+
+The list of update rings now includes the new Windows 10 update ring.
+
+**Example 2: Pause an update ring**
+
+If you encounter a problem when you deploy a feature or quality update, you can pause the update for 35 days (starting from a specified date). This pause prevents other devices from installing the update until you resolve or mitigate the issue. If you pause a feature update, quality updates are still offered to devices to make sure that they stay secure. After the specified time has passed, the pause automatically expires. At that point, the update process resumes.
+
+To pause an update ring in Intune, follow these steps:
+
+1. On the overview page for the update ring, select **Pause**.
+1. Select the type of update (**Feature** or **Quality**) to pause, and then select **OK**.
+
+When an update type is paused, the Overview pane for that ring displays how many days remain before that update type resumes.
+
+While the update ring is paused, you can select either of the following options:
+
+- To extend the pause period for an update type for 35 days, select **Extend**.
+- To restore updates for that ring to active operation, select **Resume**. You can pause the update ring again if it is necessary.
+
+> [!NOTE]  
+> The **Uninstall** operation for update rings is not supported for HoloLens 2 devices.
+
+## Manually check for updates
+
+Although HoloLens periodically checks for system updates so that you don't have to, there may be circumstances in which you want to manually check.
+
+To manually check for updates, go to **Settings** > **Update & Security** > **Check for updates**. If the Settings app indicates that your device is up to date, you have all the updates that are currently available.
+
+## Manually revert an update
+
+In some cases, you might want to go back to a previous version of the HoloLens software. The process for doing this depends on whether you are using HoloLens 2 or HoloLens (1st gen).
+
+### Go back to a previous version (HoloLens 2)
+
+You can roll back updates and return to a previous version of HoloLens 2 by using the Advanced Recovery Companion to reset your HoloLens to the earlier version.
+
+> [!NOTE]
+> Reverting to an earlier version deletes your personal files and settings.
+
+To go back to a previous version of HoloLens 2, follow these steps:
+
+1. Make sure that you don't have any phones or Windows devices plugged in to your computer.
+1. On your computer, download the [Advanced Recovery Companion](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from the Microsoft Store.
+1. Download the [most recent HoloLens 2 release](https://aka.ms/hololens2download).
+1. When you have finished these downloads, open **File explorer** > **Downloads**, right-click the compressed (zipped) folder that you just downloaded, and then select **Extract all** > **Extract** to expand the file.
+1. Use a USB-A to USB-C cable to connect your HoloLens device to your computer. Even if you've been using other cables to connect your HoloLens, this kind of cable works best.
+1. The Advanced Recovery Companion automatically detects your HoloLens device. Select the **Microsoft HoloLens** tile.
+1. On the next screen, select **Manual package selection**, and then open the folder that you previously expanded. 
+1. Select the installation file (the file that has an .ffu extension).
+1. Select **Install software**, and then follow the instructions.
+
+### Go back to a previous version (HoloLens (1st gen))
+
+You can roll back updates and return to a previous version of HoloLens (1st gen) by using the Windows Device Recovery Tool to reset your HoloLens to the earlier version.
+
+> [!NOTE]
+> Reverting to an earlier version deletes your personal files and settings.
+
+To go back to a previous version of HoloLens (1st gen), follow these steps:
+
+1. Make sure that you don't have any phones or Windows devices plugged in to your computer.
+1. On your computer, download the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379).
+1. Download the [HoloLens Anniversary Update recovery package](https://aka.ms/hololensrecovery).
+1. After the downloads finish, open **File explorer** > **Downloads**, right-click the compressed (zipped) folder that you just downloaded, and then select **Extract all** > **Extract** to expand the file.
+1. Use the micro-USB cable that was provided together with your HoloLens device to connect your HoloLens device to your computer. Even if you've been using other cables to connect your HoloLens device, this one works best.
+1. The WDRT automatically detects your HoloLens device. Select the **Microsoft HoloLens** tile.
+1. On the next screen, select **Manual package selection**, and then open the folder that you previously expanded. 
+1. Select the installation file (the file that has an .ffu extension).
+1. Select **Install software**, and then follow the instructions.
+
+> [!NOTE]
+> If the WDRT doesn't detect your HoloLens device, try restarting your computer. If that doesn't work, select **My device was not detected**, select **Microsoft HoloLens**, and then follow the instructions.
+
+## Related articles
+
+- [Deploy updates using Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb)
+- [Assign devices to servicing channels for Windows 10 updates](https://docs.microsoft.com/windows/deployment/update/waas-servicing-channels-windows-10-updates)
+- [Manage Windows 10 software updates in Intune](https://docs.microsoft.com/mem/intune/protect/windows-update-for-business-configure)

devices/hololens/hololens2-autopilot.md

@@ -0,0 +1,249 @@
+---
+title: Windows Autopilot for HoloLens 2 evaluation guide
+description: 
+author: Teresa-Motiv
+ms.author: v-tea
+ms.date: 4/10/2020
+ms.prod: hololens
+ms.topic: article
+ms.custom: 
+- CI 116283
+- CSSTroubleshooting
+audience: ITPro
+ms.localizationpriority: high
+keywords: autopilot
+manager: jarrettr
+appliesto:
+- HoloLens 2
+---
+
+# Windows Autopilot for HoloLens 2 evaluation guide
+
+When you set up HoloLens 2 devices for the Windows Autopilot program, your users can follow a simple process to provision the devices from the cloud.
+
+This Autopilot program supports Autopilot self-deploying mode to provision HoloLens 2 devices as shared devices under your tenant. Self-deploying mode leverages the device's preinstalled OEM image and drivers during the provisioning process. A user can provision the device without putting the device on and going through the Out-of-the-box Experience (OOBE).  
+
+![The Autopilot self-deploying process configures shared devices in "headless" mode by using a network connection.](./images/hololens-ap-intro.png)
+
+When a user starts the Autopilot self-deploying process, the process completes the following steps:
+
+1. Join the device to Azure Active Directory (Azure AD).
+   > [!NOTE]  
+   > Autopilot for HoloLens does not support Active Directory join or Hybrid Azure AD join.
+1. Use Azure AD to enroll the device in Microsoft Intune (or another MDM service).
+1. Download the device-targeted policies, certificates, and networking profiles.
+1. Provision the device.
+1. Present the sign-in screen to the user.
+
+## Windows Autopilot for HoloLens 2: Get started
+
+The following steps summarize the process of setting up your environment for the Windows Autopilot for HoloLens 2. The rest of this section provides the details of these steps.
+
+1. Enroll in the Windows Autopilot for HoloLens 2 program.
+1. Make sure that you meet the requirements for Windows Autopilot for HoloLens.
+1. Verify that your tenant is flighted (enrolled to participate in the program).
+1. Register devices in Windows Autopilot.
+1. Create a device group.
+1. Create a deployment profile.
+1. Verify the ESP configuration.
+1. Configure a custom configuration profile for HoloLens devices (known issue).
+1. Verify the profile status of the HoloLens devices.
+
+### 1. Enroll in the Windows Autopilot for HoloLens 2 program
+
+To participate in the program, you have to use a tenant that is flighted for HoloLens. To do this, go to  [Windows Autopilot for HoloLens Private Preview request](https://aka.ms/APHoloLensTAP) or use the following QR code to submit a request.  
+
+![Autopilot QR code](./images/hololens-ap-qrcode.png)  
+
+In this request, provide the following information:
+
+- Tenant domain
+- Tenant ID
+- Number of HoloLens 2 devices that are participating in this evaluation
+- Number of HoloLens 2 devices that you plan to deploy by using Autopilot self-deploying mode
+
+### 2. Make sure that you meet the requirements for Windows Autopilot for HoloLens
+
+For the latest information about how to participate in the program, review [Windows Insider Release Notes](hololens-insider.md#windows-insider-release-notes).
+
+Review the following sections of the Windows Autopilot requirements article:
+
+- [Network requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements#networking-requirements)  
+- [Licensing requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements#licensing-requirements)  
+- [Configuration requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements#configuration-requirements)
+   > [!IMPORTANT]  
+   > For information about how to register devices and configure profiles, see [4. Register devices in Windows Autopilot](#4-register-devices-in-windows-autopilot) and [6. Create a deployment profile](#6-create-a-deployment-profile) in this article. These sections provide steps that are specific to HoloLens.
+
+> [!IMPORTANT]  
+> Unlike other Windows Autopilot programs, Windows Autopilot for HoloLens 2 has specific operating system requirements.
+
+Review the "[Requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/self-deploying#requirements)" section of the Windows Autopilot Self-Deploying mode article. Your environment has to meet these requirements as well as the standard Windows Autopilot requirements.
+
+> [!NOTE]  
+> You do not have to review the "Step by step" and "Validation" sections of the article. The procedures later in this article provide corresponding steps that are specific to HoloLens.
+
+Before you start the OOBE and provisioning process, make sure that the HoloLens devices meet the following requirements:
+
+- The devices are not already members of Azure AD, and are not enrolled in Intune (or another MDM system). The Autopilot self-deploying process completes these steps. To make sure that all the device-related information is cleaned up, check the **Devices** pages in both Azure AD and Intune.
+- Every device can connect to the internet. You can use a wired or wireless connection.
+- Every device can connect to a computer by using a USB-C cable, and that computer has the following available:
+  - Advanced Recovery Companion (ARC)
+  - The latest Windows update: Windows 10, version 19041.1002.200107-0909 or a later version)
+
+To configure and manage the Autopilot self-deploying mode profiles, make sure that you have access to [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com).
+
+### 3. Verify that your tenant is flighted
+
+To verify that your tenant is flighted for the Autopilot program after you submit your request, follow these steps:
+
+1. Sign in to [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com).
+1. Select **Devices** > **Windows** > **Windows enrollment** > **Windows Autopilot deployment profiles** > **Create profile**.  
+   
+   ![Create profile dropdown includes a HoloLens item.](./images/hololens-ap-enrollment-profiles.png)
+  You should see a list that includes **HoloLens**. If this option is not present, use one of the [Feedback](#feedback) options to contact us.
+
+### 4. Register devices in Windows Autopilot
+
+To register a HoloLens device in the Windows Autopilot program, you have to obtain the hardware hash of the device (also known as the hardware ID). The device can record its hardware hash in a CSV file during the OOBE process, or later when a device owner starts the diagnostic log collection process (described in the following procedure). Typically, the device owner is the first user to sign in to the device.
+
+**Retrieve a device hardware hash**
+
+1. Start the HoloLens 2 device, and make sure that you sign in by using an account that is the device owner.
+1. On the device, press the Power and Volume Down buttons at the same time and then release them. The device collects diagnostic logs and the hardware hash, and stores them in a set of .zip files.
+1. Use a USB-C cable to connect the device to a computer.
+1. On the computer, open File Explorer. Open **This PC\\\<*HoloLens device name*>\\Internal Storage\\Documents**, and locate the AutopilotDiagnostics.zip file.  
+
+   > [!NOTE]  
+   > The .zip file may not immediately be available. If the file is not ready yet you may see a HoloLensDiagnostics.temp file in the Documents folder. To update the list of files, refresh the window.
+
+1. Extract the contents of the AutopilotDiagnostics.zip file.
+1. In the extracted files, locate the CSV file that has a file name prefix of "DeviceHash." Copy that file to a drive on the computer where you can access it later.  
+   > [!IMPORTANT]  
+   > The data in the CSV file should use the following header and line format:
+   > ```
+   > Device Serial Number,Windows Product ID,Hardware Hash,Group Tag,Assigned User <serialNumber>,<ProductID>,<hardwareHash>,<optionalGroupTag>,<optionalAssignedUser>
+   >```
+
+**Register the device in Windows Autopilot**
+
+1. In Microsoft Endpoint Manager Admin Center, select **Devices** > **Windows** > **Windows enrollment**, and then select **Devices** > **Import** under **Windows Autopilot Deployment Program**.
+
+1. Under **Add Windows Autopilot devices**, select the DeviceHash CSV file, select **Open**, and then select **Import**.  
+   
+   ![Use the Import command to import the hardware hash.](./images/hololens-ap-hash-import.png)
+1. After the import finishes, select **Devices** > **Windows** > **Windows enrollment** > **Devices** > **Sync**. The process might take a few minutes to complete, depending on how many devices are being synchronized. To see the registered device, select **Refresh**.  
+   
+   ![Use the Sync and Refresh commands to view the device list.](./images/hololens-ap-devices-sync.png)  
+
+### 5. Create a device group
+
+1. In Microsoft Endpoint Manager admin center, select **Groups** > **New group**.
+1. For **Group type**, select **Security**, and then enter a group name and description.
+1. For **Membership type**, select either **Assigned** or **Dynamic Device**.
+1. Do one of the following:  
+   
+   - If you selected **Assigned** for **Membership type** in the previous step, select **Members**, and then add Autopilot devices to the group. Autopilot devices that aren't yet enrolled are listed by using the device serial number as the device name.
+   - If you selected **Dynamic Devices** for **Membership type** in the previous step, select **Dynamic device members**, and then enter code in **Advanced rule** that resembles the following:
+     - If you want to create a group that includes all of your Autopilot devices, type: `(device.devicePhysicalIDs -any _ -contains "[ZTDId]")`
+     - Intune's group tag field maps to the **OrderID** attribute on Azure AD devices. If you want to create a group that includes all of your Autopilot devices that have a specific group tag (the Azure AD device OrderID), you must type: `(device.devicePhysicalIds -any _ -eq "[OrderID]:179887111881")`
+     - If you want to create a group that includes all your Autopilot devices that have a specific Purchase Order ID, type: `(device.devicePhysicalIds -any _ -eq "[PurchaseOrderId]:76222342342")`
+
+     > [!NOTE]  
+     > These rules target attributes that are unique to Autopilot devices.
+1. Select **Save**, and then select **Create**.
+
+### 6. Create a deployment profile
+
+1. In Microsoft Endpoint Manager admin center, select **Devices** > **Windows** > **Windows enrollment** > **Windows Autopilot deployment profiles** > **Create profile** > **HoloLens**.
+1. Enter a profile name and description, and then select **Next**.  
+   
+   ![Add a profile name and description](./images/hololens-ap-profile-name.png)
+1. On the **Out-of-box experience (OOBE)** page, most of the settings are pre-configured to streamline OOBE for this evaluation. Optionally, you can configure the following settings:  
+
+   - **Language (Region)**: Select the language for OOBE. We recommend that you select a language from the list of [supported languages for HoloLens 2](hololens2-language-support.md).
+   - **Automatically configure keyboard**: To make sure that the keyboard matches the selected language, select **Yes**.
+   - **Apply device name template**: To automatically set the device name during OOBE, select **Yes** and then enter the template phrase and placeholders in **Enter a name** For example, enter a prefix and `%RAND:4%`&mdash;a placeholder for a four-digit random number.
+     > [!NOTE]  
+     > If you use a device name template, the OOBE process restarts the device one additional time after it applies the device name and before it joins the device to Azure AD. This restart enables the new name to take effect.  
+
+   ![Configure OOBE settings](./images/hololens-ap-profile-oobe.png)
+1. After you configure the settings, select **Next**.
+1. On the **Scope tags** page, optionally add the scope tags that you want to apply to this profile. For more information about scope tags, see [Use role-based access control and scope tags for distributed IT](https://docs.microsoft.com/mem/intune/fundamentals/scope-tags.md). When finished, select **Next**.
+1. On the **Assignments** page, select **Selected groups** for **Assign to**.
+1. Under **SELECTED GROUPS**, select **+ Select groups to include**.
+1. In the **Select groups to include** list, select the device group that you created for the Autopilot HoloLens devices, and then select **Next**.  
+  
+   If you want to exclude any groups, select **Select groups to exclude**, and select the groups that you want to exclude.
+
+   ![Assigning a device group to the profile.](./images/hololens-ap-profile-assign-devicegroup.png)
+1. On the **Review + Create** page, review the settings and then select **Create** to create the profile.  
+   
+   ![Review + create](./images/hololens-ap-profile-summ.png)
+
+### 7. Verify the ESP configuration
+
+The Enrollment Status Page (ESP) displays the status of the complete device configuration process that runs when an MDM managed user signs into a device for the first time. Make sure that your ESP configuration resembles the following, and verify that the assignments are correct.  
+
+![ESP configuration](./images/hololens-ap-profile-settings.png)
+
+### 8. Configure a custom configuration profile for HoloLens devices (known issue)
+
+1. In [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com), select **Devices** > **Configuration profiles** > **Create profile**.
+1. For **Platform**, specify **Windows 10 and later**, and for **Profile**, select **Custom**.
+1. Select **Create**.
+1. Enter a name for the profile, and then select **Settings** > **Configure**.  
+   
+   ![Settings for the custom configuration profile.](./images/hololens-ap-profile-settings-oma.png)
+1. Select **Add**, and then specify the following information:  
+
+   - **Name**: SidecarPath
+   - **OMA-URI**: ./images/Device/Vendor/MSFT/EnrollmentStatusTracking/DevicePreparation/PolicyProviders/Sidecar/InstallationState
+   - **Data type**: Integer
+   - **Value**: 2
+1. Select **OK** two times, and then select **Create** to create the profile.
+1. After Intune creates the configuration profile, assign the configuration profile to the device group for the HoloLens devices.
+
+### 9. Verify the profile status of the HoloLens devices
+
+1. In Microsoft Endpoint Manager Admin Center, select **Devices** > **Windows** > **Windows enrollment** > **Devices**.
+1. Verify that the HoloLens devices are listed, and that their profile status is **Assigned**.  
+   > [!NOTE]  
+   > It may take a few minutes for the profile to be assigned to the device.  
+   
+   ![Device and profile assignments.](./images/hololens-ap-devices-assignments.png)
+
+## Windows Autopilot for HoloLens 2 User Experience
+
+Your HoloLens users can follow these steps to provision HoloLens devices.  
+
+1. Use the USB-C cable to connect the HoloLens device to a computer that has Advanced Recovery Companion (ARC) installed and has the appropriate Windows update downloaded.
+1. Use ARC to flash the appropriate version of Windows on to the device.
+1. Connect the device to the network, and then restart the device.  
+   > [!IMPORTANT]  
+   > You must connect the device to the network before the Out-of-the-Box-Experience (OOBE) starts. The device determines whether it is provisioning as an Autopilot device while on the first OOBE screen. If the device cannot connect to the network, or if you choose not to provision the device as an Autopilot device, you cannot change to Autopilot provisioning at a later time. Instead, you would have to start this procedure over in order to provision the device as an Autopilot device.
+
+   The device should automatically start OOBE. Do not interact with OOBE. Instead sit, back and relax! Let HoloLens 2 detect network connectivity and allow it complete OOBE automatically. The device may restart during OOBE. The OOBE screens should resemble the following.
+   
+   ![OOBE step 1](./images/hololens-ap-uex-1.png)
+   ![OOBE step 2](./images/hololens-ap-uex-2.png)
+   ![OOBE step 3](./images/hololens-ap-uex-3.png)
+   ![OOBE step 4](./images/hololens-ap-uex-4.png)
+
+At the end of OOBE, you can sign in to the device by using your user name and password.
+
+  ![OOBE step 5](./images/hololens-ap-uex-5.png)
+
+## Known Issues
+
+- The list of supported languages for Autopilot deployment profiles includes languages that HoloLens does not support. Select a language that [HoloLens supports](hololens2-language-support.md).
+
+## Feedback
+
+To provide feedback or report issues, use one of the following methods:
+
+- Use the Feedback Hub app. You can find this app on a HoloLens-connected computer. In Feedback Hub, select the **Enterprise Management** > **Device** category.  
+
+  When you provide feedback or report an issue, provide a detailed description. If applicable, include screenshots and logs.
+- Send an email message to [hlappreview@microsoft.com](mailto:hlappreview@microsoft.com). For the email subject, enter **\<*Tenant*> Autopilot for HoloLens 2 evaluation feedback** (where \<*Tenant*> is the name of your Intune tenant).
+
+  Provide a detailed description in your message. However, unless Support personnel specifically request it, do not include data such as screenshots or logs. Such data might include private or personally identifiable information (PII).

devices/hololens/hololens2-maintenance.md

@@ -0,0 +1,84 @@
+---
+title: HoloLens 2 device care and cleaning FAQ
+description: 
+author: Teresa-Motiv
+ms.author: v-tea
+ms.date: 4/14/2020
+ms.prod: hololens
+ms.topic: article
+ms.custom: 
+- CI 115560
+- CSSTroubleshooting
+audience: ITPro
+ms.localizationpriority: medium
+keywords: 
+manager: jarrettr
+appliesto:
+- HoloLens 2
+---
+
+# Frequently asked questions about cleaning HoloLens 2 devices
+
+> [!IMPORTANT]  
+> Microsoft cannot make a determination of the effectiveness of any given disinfectant product in fighting pathogens such as COVID-19. Please refer to your local public health authority's guidance about how to stay safe from potential infection.  
+
+## What are the general cleaning instructions for HoloLens 2 devices?
+
+**To clean the device**
+
+1. Remove any dust by using a dry, lint-free microfiber cloth to gently wipe the surface of the device.
+1. Lightly moisten the cloth by using medical "70%" isopropyl alcohol, and then use the moistened cloth to gently wipe the surface of the device.
+
+   ![Image that shows how to clean the visor](images/hololens-cleaning-visor.png)
+
+1. Let the device dry completely.
+
+**To clean the brow pad**
+
+1. Use water and a mild, antibiotic soap to moisten a cloth, and then use the moistened cloth to wipe the brow pad.
+1. Let the brow pad dry completely.
+
+## Can I use any lens cleaner for cleaning the HoloLens visor?
+
+No. Lens cleaners can be abrasive to the coatings on the visor. To clean the visor, follow these steps:  
+
+1. Remove any dust by using a dry lint-free microfiber cloth to gently wipe the visor.
+1. Lightly moisten a cloth by using medical "70%" isopropyl alcohol, and then gently wipe the visor.
+1. Let the visor dry completely.
+
+## Can I use disinfecting wipes to clean the device?
+
+Yes, if the wipes do not contain bleach. You can use non-bleach disinfecting wipes to [gently wipe the HoloLens surfaces](#what-are-the-general-cleaning-instructions-for-hololens-2-devices).  
+
+> [!CAUTION]  
+> Avoid using disinfecting wipes that contains bleach to clean the HoloLens surfaces. It is acceptable to use bleach wipes in critical situations, when nothing else is available. However, bleach may damage the HoloLens visor or other surfaces.
+
+## Can I use alcohol to clean the device?
+
+Yes. You can use a solution of "70%" isopropyl alcohol and water to clean the hard surfaces of the device, including the visor. Lightly moisten the cloth by using a mix of isopropyl alcohol and water, and then gently wipe the surface of the device
+
+## Is the brow pad replaceable?
+
+Yes. The brow pad is magnetically attached to the device. To detach it, pull it gently away from the headband. To replace it, snap it back into place.
+
+![Remove or replace the brow pad](images/hololens2-remove-browpad.png)
+
+## How can I clean the brow pad?
+
+To clean the brow pad, wipe it by using a cloth that's moistened by using water and a mild antibiotic soap. Let the brow pad dry completely before you use it again.
+
+## Can I use ultraviolet (UV) light to sanitize the device?
+
+UV-C germicidal irradiation has not been tested on HoloLens 2.
+
+> [!CAUTION]  
+> High levels of UV-A and UV-B exposure can degrade the display quality of the device and damage the visor coating. Over-exposure to UV-A and UV-B radiation has the following effects, in order of the duration and intensity of exposure:
+>  
+> 1. The brow pad and device closures become discolored.
+> 1. Defects appear in the anti-reflective (AR) coating on the visor and on the sensor windows.
+> 1. Defects appear in the base materials of the visor and on the sensor windows.
+> 1. SRG performance degrades.
+
+## Is the rear pad replaceable?
+
+No.

devices/hololens/scep-whitepaper.md

@@ -1,80 +0,0 @@
----
-title: SCEP Whitepaper
-description: A whitepaper that describes how Microsoft mitigates the vulnerabilities of SCEP.
-ms.assetid: bd55ecd1-697a-4b09-8274-48d1499fcb0b
-author: pawinfie
-ms.author: pawinfie
-ms.date: 02/12/2020
-keywords: hololens, Windows Mixed Reality, security
-ms.prod: hololens
-ms.sitesec: library
-ms.topic: article
-audience: ITPro
-ms.localizationpriority: high
-ms.custom: 
-- CI 111456
-- CSSTroubleshooting
-appliesto:
-- HoloLens 1 (1st gen)
-- HoloLens 2
----
-
-# SCEP whitepaper
-
-## High Level
-
-### How the SCEP Challenge PW is secured
-
-We work around the weakness of the SCEP protocol by generating custom challenges in Intune itself. The challenge string we create is signed/encrypted, and contains the information we've configured in Intune for certificate issuance into the challenge blob. This means the blob used as the challenge string contains the expected CSR information like the Subject Name, Subject Alternative Name, and other attributes.
-
-We then pass that to the device and then the device generates it's CSR and passes it, and the blob to the SCEP URL it received in the MDM profile. On NDES servers running the Intune SCEP module we perform a custom challenge validation that validates the signature on the blob, decrypts the challenge blob itself, compare it to the CSR received, and then determine if we should issue the cert.  If any portion of this check fails then the certificate request is rejected.
-
-## Behind the scenes
-
-### Intune Connector has a number of responsibilities
-
-1. The connector is SCEP policy module which contains a "Certification Registration Point" component which interacts with the Intune service, and is responsible for validating, and securing the SCEP request coming into the NDES server.
-
-1. The connector will install an App Pool on the NDES IIS server > Microsoft Intune CRP service Pool, and a CertificateRegistrationSvc under the "Default Web Site" on IIS.
-
-1. **When the Intune NDES connector is first configured/setup on the NDES server, a certificate is issued from the Intune cloud service to the NDES server. This cert is used to securely communicate with the Intune cloud service - customer tenant. The cert is unique to the customers NDES server. Can be viewed in Certlm.msc issued by SC_Online_Issuing. This certs Public key is used by Intune in the cloud to encrypt the challenge blob. In addition, when the connector is configured, Intune's public key is sent to the NDES server.**
-    >[!NOTE]
-    >The connector communication with Intune is strictly outbound traffic.
-
-1. The Intune cloud service combined with the Intune connector/policy module addresses the SCEP protocol challenge password weakness (in the SCEP protocol) by generating a custom challenge.  The challenge is generated in Intune itself.
-
-    1. In the challenge blob, Intune puts information that we expect in the cert request (CSR - Certificate Signing Request) coming from a mobile device like the following: what we expect the Subject and SAN (validated against AAD attributes/properties of the user/device) to be, and specifics contained in the Intune SCEP profile that is created by an Intune admin, i.e., Request Handling, EKU, Renewal, validity period, key size, renewal period.
-        >[!NOTE]
-        >The Challenge blob is Encrypted with the Connectors Public Key, and Signed with Intune's (cloud service) Private Key.  The device cannot decrypt the challenge
-
-    1. When an Intune admin creates a SCEP profile in their tenant, Intune will send the SCEP profile payload along with the Encrypted and Signed Challenge to the targeted device. The device generates a CSR, and reaches out to NDES URL (contained in the SCEP profile). The device cert request payload contains the CSR, and the encrypted, signed challenge blob.
-
-        1. When the device reaches out to the NDES server (via the NDES/SCEP URL provided in the SCEP Profile payload), the SCEP cert request validation is performed by the policy module running on the NDES server. The challenge signature is verified using Intune's public key (which is on the NDES server, when the connector was installed and configured) and decrypted using the connectors private key. The policy module compares the CSR details against the decrypted challenge and determines if a cert should be issued. If the CSR passes validation, the NDES server requests a certificate from the CA on behalf of the user/device.
-            >[!NOTE]
-            >The above process takes place on the NDES server running the Policy Module.  No interaction with the Intune cloud service takes place.
-
-    1. The NDES connector notification/reporting of cert delivery takes place after NDES sends the issued cert to the device.  This is performed as a separate operation outside the cert request flow. Meaning that once NDES sends the cert to the device via the AAD app proxy (or other publishing firewall/proxy, a log is written with the cert delivery details on the NDES server by the connector (file location \Program Files\Microsoft Intune\CertificateRequestStatus\Succeed\ folder. The connector will look here, and send updates to Intune.
-
-    1. The mobile device must be enrolled in Intune. If not, we reject the request as well
-
-    1. The Intune connector disables the standard NDES challenge password request URL on the NDES server.
-
-    1. The NDES server SCEP URI in most customer deployments is made available to the internet via Azure App Proxy, or an on-prem reverse proxy, i.e. F5.  
-        >[!NOTE]
-        >The Azure App Proxy is an outbound-only connection over Port 443, from the customers onprem network where the App Proxy connector is running on a server. The AAD app proxy can also be hosted on the NDES server. No inbound ports required when using Azure App Proxy.
-
-        1. The mobile device talks only to the NDES URI
-
-        1. Side note: AAD app proxy's role is to make onprem resources (like NDES and other customer onprem web services) securely available to the internet.
-
-    1. The Intune connector must communicate with the Intune cloud service. The connector communication will not go through the Azure App Proxy. The connector will talk with the Intune cloud service via whatever mechanism a customer has onprem to allow outbound traffic to the internet, i.e. Internal proxy service.
-        >[!NOTE]
-        > if a proxy is used by the customer, no SSL packet inspection can take place for the NDES/Connector server going out.
-
-1. Connector traffic with Intune cloud service consists of the following operations:
-
-    1. 1st time configuration of the connector: Authentication to AAD during the initial connector setup.
-
-    1. Connector checks in with Intune, and will process and any cert revocation transactions (i.e, if the Intune tenant admin issues a remote wipe – full or partial,  also If a user unenrolls their device from Intune), reporting on issued certs, renewing the connectors' SC_Online_Issuing  certificate from Intune.  Also note: the NDES Intune connector has shared PKCS cert functionality (if you decide to issue PKCS/PFX based certs) so the connector checks to Intune for PKCS cert requests even though there won't be any requests to process.  We are splitting that functionality out, so this connector just handles SCEP, but no ETA yet.
-
-1. [Here](https://docs.microsoft.com/intune/intune-endpoints#microsoft-intune-certificate-connector) is a reference for Intune NDES connector network communications.

devices/surface-hub/TOC.md

@@ -1,4 +1,4 @@
-# [Microsoft Surface Hub](index.md)
+# [Microsoft Surface Hub](index.yml)
 
 # Surface Hub 2S
 

devices/surface-hub/accessibility-surface-hub.md

@@ -3,7 +3,7 @@ title: Accessibility (Surface Hub)
 description: Accessibility settings for the Microsoft Surface Hub can be changed by using the Settings app. You'll find them under Ease of Access. Your Surface Hub has the same accessibility options as Windows 10.
 ms.assetid: 1D44723B-1162-4DF6-99A2-8A3F24443442
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: Accessibility settings, Settings app, Ease of Access
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/admin-group-management-for-surface-hub.md

@@ -3,7 +3,7 @@ title: Admin group management (Surface Hub)
 description: Every Microsoft Surface Hub can be configured individually by opening the Settings app on the device.
 ms.assetid: FA67209E-B355-4333-B903-482C4A3BDCCE
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: admin group management, Settings app, configure Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md

@@ -3,7 +3,7 @@ title: PowerShell for Surface Hub (Surface Hub)
 description: PowerShell scripts to help set up and manage your Microsoft Surface Hub.
 ms.assetid: 3EF48F63-8E4C-4D74-ACD5-461F1C653784
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: PowerShell, set up Surface Hub, manage Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md

@@ -3,7 +3,7 @@ title: Applying ActiveSync policies to device accounts (Surface Hub)
 description: The Microsoft Surface Hub's device account uses ActiveSync to sync mail and calendar. This allows people to join and start scheduled meetings from the Surface Hub, and allows them to email any whiteboards they have made during their meeting.
 ms.assetid: FAABBA74-3088-4275-B58E-EC1070F4D110
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: Surface Hub, ActiveSync policies
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/change-history-surface-hub.md

@@ -1,7 +1,7 @@
 ---
 title: Change history for Surface Hub
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 description: This topic lists new and updated topics for Surface Hub.
 keywords: change history
 ms.prod: surface-hub

devices/surface-hub/change-surface-hub-device-account.md

@@ -3,7 +3,7 @@ title: Change the Microsoft Surface Hub device account
 description: You can change the device account in Settings to either add an account if one was not already provisioned, or to change any properties of an account that was already provisioned.
 ms.assetid: AFC43043-3319-44BC-9310-29B1F375E672
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: change device account, change properties, Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/connect-and-display-with-surface-hub.md

@@ -3,7 +3,7 @@ title: Connect other devices and display with Surface Hub
 description: You can connect other device to your Surface Hub to display content. 
 ms.assetid: 8BB80FA3-D364-4A90-B72B-65F0F0FC1F0D
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 ms.prod: surface-hub
 ms.sitesec: library
 author: dansimp

devices/surface-hub/create-a-device-account-using-office-365.md

@@ -3,7 +3,7 @@ title: Create a device account using UI (Surface Hub)
 description: If you prefer to use a graphical user interface, you can create a device account for your Microsoft Surface Hub with either the Office 365 UI or the Exchange Admin Center.
 ms.assetid: D11BCDC4-DABA-4B9A-9ECB-58E02CC8218C
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: create device account, Office 365 UI, Exchange Admin center, Microsoft 365 admin center, Skype for Business, mobile device mailbox policy
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/create-and-test-a-device-account-surface-hub.md

@@ -3,7 +3,7 @@ title: Create and test a device account (Surface Hub)
 description: This topic introduces how to create and test the device account that Microsoft Surface Hub uses to communicate with Microsoft Exchange and Skype.
 ms.assetid: C8605B5F-2178-4C3A-B4E0-CE32C70ECF67
 ms.reviewer: rikot
-manager: dansimp
+manager: laurawi
 keywords: create and test device account, device account, Surface Hub and Microsoft Exchange, Surface Hub and Skype
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/device-reset-surface-hub.md

@@ -3,7 +3,7 @@ title: Reset or recover a Surface Hub
 description: Describes the reset and recovery processes for the Surface Hub, and provides instructions.
 ms.assetid: 44E82EEE-1905-464B-A758-C2A1463909FF
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: reset Surface Hub, recover
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md

@@ -9,7 +9,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 06/20/2019
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
 

devices/surface-hub/enable-8021x-wired-authentication.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 11/15/2017
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
 

devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md

@@ -3,7 +3,7 @@ title: Microsoft Exchange properties (Surface Hub)
 description: Some Microsoft Exchange properties of the device account must be set to particular values to have the best meeting experience on Microsoft Surface Hub.
 ms.assetid: 3E84393B-C425-45BF-95A6-D6502BA1BF29
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: Microsoft Exchange properties, device account, Surface Hub, Windows PowerShell cmdlet
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/finishing-your-surface-hub-meeting.md

@@ -9,7 +9,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 07/27/2017
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
 

devices/surface-hub/first-run-program-surface-hub.md

@@ -3,7 +3,7 @@ title: First-run program (Surface Hub)
 description: The term \ 0034;first run \ 0034; refers to the series of steps you'll go through the first time you power up your Microsoft Surface Hub, and means the same thing as \ 0034;out-of-box experience \ 0034; (OOBE). This section will walk you through the process.
 ms.assetid: 07C9E84C-1245-4511-B3B3-75939AD57C49
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: first run, Surface Hub, out-of-box experience, OOBE
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md

@@ -3,7 +3,7 @@ title: Hybrid deployment (Surface Hub)
 description: A hybrid deployment requires special processing to set up a device account for your Microsoft Surface Hub.
 ms.assetid: 7BFBB7BE-F587-422E-9CE4-C9DDF829E4F1
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: hybrid deployment, device account for Surface Hub, Exchange hosted on-prem, Exchange hosted online
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/install-apps-on-surface-hub.md

@@ -3,7 +3,7 @@ title: Install apps on your Microsoft Surface Hub
 description: Admins can install apps can from either the Microsoft Store or the Microsoft Store for Business.
 ms.assetid: 3885CB45-D496-4424-8533-C9E3D0EDFD94
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: install apps, Microsoft Store, Microsoft Store for Business
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/local-management-surface-hub-settings.md

@@ -9,7 +9,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 07/08/2019
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
 

devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md

@@ -3,7 +3,7 @@ title: Manage settings with an MDM provider (Surface Hub)
 description: Microsoft Surface Hub provides an enterprise management solution to help IT administrators manage policies and business applications on these devices using a mobile device management (MDM) solution.
 ms.assetid: 18EB8464-6E22-479D-B0C3-21C4ADD168FE
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: mobile device management, MDM, manage policies
 ms.prod: surface-hub
 ms.sitesec: library
@@ -18,7 +18,7 @@ ms.localizationpriority: medium
 
 Surface Hub and other Windows 10 devices allow IT administrators to manage settings and policies using a mobile device management (MDM) provider. A built-in management component communicates with the management server, so there is no need to install additional clients on the device. For more information, see [Windows 10 mobile device management](https://msdn.microsoft.com/library/windows/hardware/dn914769.aspx).
 
-Surface Hub has been validated with Microsoft’s first-party MDM providers:
+Surface Hub has been validated with Microsoft's first-party MDM providers:
 - Microsoft Intune standalone
 - On-premises MDM with Microsoft Endpoint Configuration Manager
 
@@ -65,25 +65,25 @@ For more information, see [SurfaceHub configuration service provider](https://ms
 |                                Maintenance hours                                 |                        MaintenanceHoursSimple/Hours/StartTime <br> MaintenanceHoursSimple/Hours/Duration                         |                       Yes                        |                       Yes                       |             Yes             |
 |              Automatically turn on the screen using motion sensors               |                                                 InBoxApps/Welcome/AutoWakeScreen                                                 |                       Yes                        |                       Yes                       |             Yes             |
 |                      Require a pin for wireless projection                       |                                             InBoxApps/WirelessProjection/PINRequired                                             |                       Yes                        |                       Yes                       |             Yes             |
-|                            Enable wireless projection                            |                                               InBoxApps/WirelessProjection/Enabled                                               |                       Yes                        | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|                 Miracast channel to use for wireless projection                  |                                               InBoxApps/WirelessProjection/Channel                                               |                       Yes                        | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|              Connect to your Operations Management Suite workspace               |                                         MOMAgent/WorkspaceID <br> MOMAgent/WorkspaceKey                                          |                       Yes                        | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|                         Welcome screen background image                          |                                             InBoxApps/Welcome/CurrentBackgroundPath                                              |                       Yes                        | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|               Meeting information displayed on the welcome screen                |                                               InBoxApps/Welcome/MeetingInfoOption                                                |                       Yes                        | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|                      Friendly name for wireless projection                       |                                                     Properties/FriendlyName                                                      | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
+|                            Enable wireless projection                            |                                               InBoxApps/WirelessProjection/Enabled                                               |                       Yes                        | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|                 Miracast channel to use for wireless projection                  |                                               InBoxApps/WirelessProjection/Channel                                               |                       Yes                        | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|              Connect to your Operations Management Suite workspace               |                                         MOMAgent/WorkspaceID <br> MOMAgent/WorkspaceKey                                          |                       Yes                        | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|                         Welcome screen background image                          |                                             InBoxApps/Welcome/CurrentBackgroundPath                                              |                       Yes                        | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|               Meeting information displayed on the welcome screen                |                                               InBoxApps/Welcome/MeetingInfoOption                                                |                       Yes                        | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager |             Yes             |
+|                      Friendly name for wireless projection                       |                                                     Properties/FriendlyName                                                      | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
 |                   Device account, including password rotation                    | DeviceAccount/*`<name_of_policy>`* <br> See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). |                        No                        |                       No                        |             Yes             |
-|                               Specify Skype domain                               |                                              InBoxApps/SkypeForBusiness/DomainName                                               |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|               Auto launch Connect App when projection is initiated               |                                                   InBoxApps/Connect/AutoLaunch                                                   |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|                                Set default volume                                |                                                     Properties/DefaultVolume                                                     |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|                                Set screen timeout                                |                                                     Properties/ScreenTimeout                                                     |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|                               Set session timeout                                |                                                    Properties/SessionTimeout                                                     |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|                                Set sleep timeout                                 |                                                     Properties/SleepTimeout                                                      |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|                   Allow session to resume after screen is idle                   |                                                  Properties/AllowSessionResume                                                   |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|             Allow device account to be used for proxy authentication             |                                                  Properties/AllowAutoProxyAuth                                                   |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-| Disable auto-populating the sign-in dialog with invitees from scheduled meetings |                                               Properties/DisableSignInSuggestions                                                |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|              Disable "My meetings and files" feature in Start menu               |                                              Properties/DoNotShowMyMeetingsAndFiles                                              |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|                     Set the LanProfile for 802.1x Wired Auth                     |                                                         Dot3/LanProfile                                                          | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|                    Set the EapUserData for 802.1x Wired Auth                     |                                                         Dot3/EapUserData                                                         | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
+|                               Specify Skype domain                               |                                              InBoxApps/SkypeForBusiness/DomainName                                               |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|               Auto launch Connect App when projection is initiated               |                                                   InBoxApps/Connect/AutoLaunch                                                   |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|                                Set default volume                                |                                                     Properties/DefaultVolume                                                     |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|                                Set screen timeout                                |                                                     Properties/ScreenTimeout                                                     |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|                               Set session timeout                                |                                                    Properties/SessionTimeout                                                     |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|                                Set sleep timeout                                 |                                                     Properties/SleepTimeout                                                      |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|                   Allow session to resume after screen is idle                   |                                                  Properties/AllowSessionResume                                                   |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|             Allow device account to be used for proxy authentication             |                                                  Properties/AllowAutoProxyAuth                                                   |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+| Disable auto-populating the sign-in dialog with invitees from scheduled meetings |                                               Properties/DisableSignInSuggestions                                                |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|              Disable "My meetings and files" feature in Start menu               |                                              Properties/DoNotShowMyMeetingsAndFiles                                              |                    Yes </br>                     | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|                     Set the LanProfile for 802.1x Wired Auth                     |                                                         Dot3/LanProfile                                                          | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|                    Set the EapUserData for 802.1x Wired Auth                     |                                                         Dot3/EapUserData                                                         | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
 
 \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
 
@@ -97,12 +97,12 @@ The following tables include info on Windows 10 settings that have been validate
 
 |      Setting       |                                            Details                                             |                                                                          CSP reference                                                                           |            Supported with<br>Intune?             |    Supported with<br>Configuration Manager?     | Supported with<br>SyncML\*? |
 |--------------------|------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
-|  Allow Bluetooth   |                      Keep this enabled to support Bluetooth peripherals.                       |                   [Connectivity/AllowBluetooth](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Connectivity_AllowBluetooth)                   |                    Yes. <br>                     | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-| Bluetooth policies | Use to set the Bluetooth device name, and block advertising, discovery, and automatic pairing. |                     Bluetooth/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx)                      |                    Yes. <br>                     | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|    Allow camera    |                           Keep this enabled for Skype for Business.                            |                            [Camera/AllowCamera](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Camera_AllowCamera)                            |                    Yes. <br>                     | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|   Allow location   |                        Keep this enabled to support apps such as Maps.                         |                          [System/AllowLocation](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowLocation)                          |                   Yes. <br> .                    | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|  Allow telemetry   |                    Keep this enabled to help Microsoft improve Surface Hub.                    |                         [System/AllowTelemetry](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowTelemetry)                         |                    Yes. <br>                     | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|  Allow USB Drives  |                     Keep this enabled to support USB drives on Surface Hub                     | [System/AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
+|  Allow Bluetooth   |                      Keep this enabled to support Bluetooth peripherals.                       |                   [Connectivity/AllowBluetooth](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Connectivity_AllowBluetooth)                   |                    Yes. <br>                     | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+| Bluetooth policies | Use to set the Bluetooth device name, and block advertising, discovery, and automatic pairing. |                     Bluetooth/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx)                      |                    Yes. <br>                     | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|    Allow camera    |                           Keep this enabled for Skype for Business.                            |                            [Camera/AllowCamera](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Camera_AllowCamera)                            |                    Yes. <br>                     | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|   Allow location   |                        Keep this enabled to support apps such as Maps.                         |                          [System/AllowLocation](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowLocation)                          |                   Yes. <br> .                    | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|  Allow telemetry   |                    Keep this enabled to help Microsoft improve Surface Hub.                    |                         [System/AllowTelemetry](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowTelemetry)                         |                    Yes. <br>                     | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|  Allow USB Drives  |                     Keep this enabled to support USB drives on Surface Hub                     | [System/AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
 
 \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. 
 
@@ -110,15 +110,15 @@ The following tables include info on Windows 10 settings that have been validate
 
 |                          Setting                          |                                                                        Details                                                                        |                                                                             CSP reference                                                                              |            Supported with<br>Intune?             |    Supported with<br>Configuration Manager?     | Supported with<br>SyncML\*? |
 |-----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
-|                         Homepages                         |                                               Use to configure the default homepages in Microsoft Edge.                                               |                                [Browser/Homepages](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_Homepages)                                | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|                       Allow cookies                       |                    Surface Hub automatically deletes cookies at the end of a session. Use this to block cookies within a session.                     |                             [Browser/AllowCookies](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowCookies)                             | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|                   Allow developer tools                   |                                                   Use to stop users from using F12 Developer Tools.                                                   |                      [Browser/AllowDeveloperTools](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDeveloperTools)                      | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|                    Allow Do Not Track                     |                                                          Use to enable Do Not Track headers.                                                          |                          [Browser/AllowDoNotTrack](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack)                          | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|                       Allow pop-ups                       |                                                         Use to block pop-up browser windows.                                                          |                              [Browser/AllowPopups](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowPopups)                              | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|                 Allow search suggestions                  |                                                  Use to block search suggestions in the address bar.                                                  |       [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar)       | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|                     Allow Windows Defender SmartScreen                     |                                                       Keep this enabled to turn on Windows Defender SmartScreen.                                                       |                         [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen)                         | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-| Prevent ignoring Windows Defender SmartScreen warnings for websites |     For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from accessing potentially malicious websites.     |         [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride)         | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|  Prevent ignoring Windows Defender SmartScreen warnings for files   | For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
+|                         Homepages                         |                                               Use to configure the default homepages in Microsoft Edge.                                               |                                [Browser/Homepages](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_Homepages)                                | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|                       Allow cookies                       |                    Surface Hub automatically deletes cookies at the end of a session. Use this to block cookies within a session.                     |                             [Browser/AllowCookies](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowCookies)                             | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|                   Allow developer tools                   |                                                   Use to stop users from using F12 Developer Tools.                                                   |                      [Browser/AllowDeveloperTools](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDeveloperTools)                      | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|                    Allow Do Not Track                     |                                                          Use to enable Do Not Track headers.                                                          |                          [Browser/AllowDoNotTrack](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack)                          | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|                       Allow pop-ups                       |                                                         Use to block pop-up browser windows.                                                          |                              [Browser/AllowPopups](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowPopups)                              | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|                 Allow search suggestions                  |                                                  Use to block search suggestions in the address bar.                                                  |       [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar)       | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|                     Allow Windows Defender SmartScreen                     |                                                       Keep this enabled to turn on Windows Defender SmartScreen.                                                       |                         [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen)                         | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+| Prevent ignoring Windows Defender SmartScreen warnings for websites |     For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from accessing potentially malicious websites.     |         [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride)         | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|  Prevent ignoring Windows Defender SmartScreen warnings for files   | For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
 
 \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
 
@@ -126,13 +126,13 @@ The following tables include info on Windows 10 settings that have been validate
 
 |                      Setting                      |                                                                                                           Details                                                                                                            |                                                                    CSP reference                                                                    |            Supported with<br>Intune?             |    Supported with<br>Configuration Manager?     | Supported with<br>SyncML\*? |
 |---------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
-| Use Current Branch or Current Branch for Business |                                                       Use to configure Windows Update for Business – see [Windows updates](manage-windows-updates-for-surface-hub.md).                                                       |            [Update/BranchReadinessLevel](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_BranchReadinessLevel)             | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|               Defer feature updates               |                                                                                                          See above.                                                                                                          | [Update/ DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferFeatureUpdatesPeriodInDays) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|               Defer quality updates               |                                                                                                          See above.                                                                                                          | [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays)  | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|               Pause feature updates               |                                                                                                          See above.                                                                                                          |             [Update/PauseFeatureUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates)              | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|               Pause quality updates               |                                                                                                          See above.                                                                                                          |             [Update/PauseQualityUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates)              | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|           Configure device to use WSUS            |                                            Use to connect your Surface Hub to WSUS instead of Windows Update – see [Windows updates](manage-windows-updates-for-surface-hub.md).                                             |                [Update/UpdateServiceUrl](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl)                 | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-|               Delivery optimization               | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. |         DeliveryOptimization/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx)          | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
+| Use Current Branch or Current Branch for Business |                                                       Use to configure Windows Update for Business – see [Windows updates](manage-windows-updates-for-surface-hub.md).                                                       |            [Update/BranchReadinessLevel](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_BranchReadinessLevel)             | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|               Defer feature updates               |                                                                                                          See above.                                                                                                          | [Update/ DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferFeatureUpdatesPeriodInDays) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|               Defer quality updates               |                                                                                                          See above.                                                                                                          | [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays)  | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|               Pause feature updates               |                                                                                                          See above.                                                                                                          |             [Update/PauseFeatureUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates)              | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|               Pause quality updates               |                                                                                                          See above.                                                                                                          |             [Update/PauseQualityUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates)              | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|           Configure device to use WSUS            |                                            Use to connect your Surface Hub to WSUS instead of Windows Update – see [Windows updates](manage-windows-updates-for-surface-hub.md).                                             |                [Update/UpdateServiceUrl](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl)                 | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+|               Delivery optimization               | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. |         DeliveryOptimization/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx)          | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
 
 \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
 
@@ -140,7 +140,7 @@ The following tables include info on Windows 10 settings that have been validate
 
 |      Setting      |                                              Details                                               |                                                     CSP reference                                                      |            Supported with<br>Intune?             |    Supported with<br>Configuration Manager?     | Supported with<br>SyncML\*? |
 |-------------------|----------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
-| Defender policies |            Use to configure various Defender settings, including a scheduled scan time.            | Defender/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
+| Defender policies |            Use to configure various Defender settings, including a scheduled scan time.            | Defender/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
 |  Defender status  | Use to initiate a Defender scan, force a Security intelligence update, query any threats detected. |                   [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx)                    |                       Yes                        |                       Yes                       |             Yes             |
 
 \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
@@ -150,8 +150,8 @@ The following tables include info on Windows 10 settings that have been validate
 |                       Setting                        |                                                          Details                                                          |                                                             CSP reference                                                             |            Supported with<br>Intune?             |    Supported with<br>Configuration Manager?     | Supported with<br>SyncML\*? |
 |------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
 |            Reboot the device immediately             | Use in conjunction with OMS to minimize support costs – see [Monitor your Microsoft Surface Hub](monitor-surface-hub.md). |        ./Vendor/MSFT/Reboot/RebootNow <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx)        |                       Yes                        |                       No                        |             Yes             |
-|    Reboot the device at a scheduled date and time    |                                                        See above.                                                         |     ./Vendor/MSFT/Reboot/Schedule/Single <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx)     | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
-| Reboot the device daily at a scheduled date and time |                                                        See above.                                                         | ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
+|    Reboot the device at a scheduled date and time    |                                                        See above.                                                         |     ./Vendor/MSFT/Reboot/Schedule/Single <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx)     | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
+| Reboot the device daily at a scheduled date and time |                                                        See above.                                                         | ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
 
 \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
 
@@ -180,7 +180,7 @@ The following tables include info on Windows 10 settings that have been validate
 
 |        Setting         |                                                            Details                                                             |                                                    CSP reference                                                     |            Supported with<br>Intune?             |    Supported with<br>Configuration Manager?     | Supported with<br>SyncML\*? |
 |------------------------|--------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
-| Set Network QoS Policy | Use to set a QoS policy to perform a set of actions on network traffic. This is useful for prioritizing Skype network packets. | [NetworkQoSPolicy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
+| Set Network QoS Policy | Use to set a QoS policy to perform a set of actions on network traffic. This is useful for prioritizing Skype network packets. | [NetworkQoSPolicy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
 
 \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
 
@@ -188,7 +188,7 @@ The following tables include info on Windows 10 settings that have been validate
 
 |      Setting      |                               Details                               |                                                CSP reference                                                 |            Supported with<br>Intune?             |    Supported with<br>Configuration Manager?     | Supported with<br>SyncML\*? |
 |-------------------|---------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
-| Set Network proxy | Use to configure a proxy server for ethernet and Wi-Fi connections. | [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
+| Set Network proxy | Use to configure a proxy server for ethernet and Wi-Fi connections. | [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
 
 \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
 
@@ -196,12 +196,12 @@ The following tables include info on Windows 10 settings that have been validate
 
 |       Setting        |                                                                       Details                                                                        |                                                        CSP reference                                                         |            Supported with<br>Intune?             |    Supported with<br>Configuration Manager?     | Supported with<br>SyncML\*? |
 |----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
-| Configure Start menu | Use to configure which apps are displayed on the Start menu. For more information, see [Configure Surface Hub Start menu](surface-hub-start-menu.md) | [Policy CSP: Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) |             Yes             |
+| Configure Start menu | Use to configure which apps are displayed on the Start menu. For more information, see [Configure Surface Hub Start menu](surface-hub-start-menu.md) | [Policy CSP: Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) |             Yes             |
 
 \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
 
 ### Generate OMA URIs for settings 
-You need to use a setting’s OMA URI to create a custom policy in Intune, or a custom setting in Microsoft Endpoint Configuration Manager.
+You need to use a setting's OMA URI to create a custom policy in Intune, or a custom setting in Microsoft Endpoint Configuration Manager.
 
 **To generate the OMA URI for any setting in the CSP documentation**
 1. In the CSP documentation, identify the root node of the CSP. Generally, this looks like `./Vendor/MSFT/<name of CSP>` <br>
@@ -217,15 +217,13 @@ The data type is also stated in the CSP documentation. The most common data type
 - bool (Boolean)
 
 
-<span id="example-intune">
 ## Example: Manage Surface Hub settings with Microsoft Intune
 
 You can use Microsoft Intune to manage Surface Hub settings. For custom settings, follow the instructions in [How to configure custom device settings in Microsoft Intune](https://docs.microsoft.com/intune/custom-settings-configure). For **Platform**, select **Windows 10 and later**, and in **Profile type**, select **Device restrictions (Windows 10 Team)**.
 
 
 
-<span id="example-sccm">
-## Example: Manage Surface Hub settings with  Microsoft Endpoint Configuration Manager
+## Example: Manage Surface Hub settings with Microsoft Endpoint Configuration Manager
 Configuration Manager supports managing modern devices that do not require the Configuration Manager client to manage them, including Surface Hub. If you already use Configuration Manager to manage other devices in your organization, you can continue to use the Configuration Manager console as your single location for managing Surface Hubs.
 
 > [!NOTE]
@@ -238,26 +236,26 @@ Configuration Manager supports managing modern devices that do not require the C
 3. On the **General** page of the Create Configuration Item Wizard, specify a name and optional description for the configuration item.
 4. Under **Settings for devices managed without the Configuration Manager client**, select **Windows 8.1 and Windows 10**, and then click **Next**.
 
-    ![example of UI](images/sccm-create.png)
+    ![example of UI](images/configmgr-create.png)
 5. On the **Supported Platforms** page, expand **Windows 10** and select **All Windows 10 Team and higher**. Unselect the other Windows platforms, and then click **Next**.
 
-    ![select platform](images/sccm-platform.png)
+    ![select platform](images/configmgr-platform.png)
 7. On the **Device Settings** page, under **Device settings groups**, select **Windows 10 Team**.
 
 
 8. On the **Windows 10 Team** page, configure the settings you require.
 
-    ![Windows 10 Team](images/sccm-team.png)
+    ![Windows 10 Team](images/configmgr-team.png)
 9. You'll need to create custom settings to manage settings that are not available in the Windows 10 Team page. On the **Device Settings** page, select the check box **Configure additional settings that are not in the default setting groups**.
 
-    ![additional settings](images/sccm-additional.png)
+    ![additional settings](images/configmgr-additional.png)
 10. On the **Additional Settings** page, click **Add**.
 11. In the **Browse Settings** dialog, click **Create Setting**.
 12. In the **Create Setting** dialog, under the **General** tab, specify a name and optional description for the custom setting.
 13. Under **Setting type**, select **OMA URI**.
 14. Complete the form to create a new setting, and then click **OK**.
 
-    ![OMA URI setting](images/sccm-oma-uri.png)
+    ![OMA URI setting](images/configmgr-oma-uri.png)
 15. On the **Browse Settings** dialog, under **Available settings**, select the new setting you created, and then click **Select**.
 16. On the **Create Rule** dialog, complete the form to specify a rule for the setting, and then click **OK**.
 17. Repeat steps 9 to 15 for each custom setting you want to add to the configuration item.

devices/surface-hub/manage-surface-hub-settings.md

@@ -9,7 +9,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 07/27/2017
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
 

devices/surface-hub/manage-surface-hub.md

@@ -3,7 +3,7 @@ title: Manage Microsoft Surface Hub
 description: How to manage your Surface Hub after finishing the first-run program.
 ms.assetid: FDB6182C-1211-4A92-A930-6C106BCD5DC1
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: manage Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/manage-windows-updates-for-surface-hub.md

@@ -3,7 +3,7 @@ title: Manage Windows updates on Surface Hub
 description: You can manage Windows updates on your Microsoft Surface Hub or Surface Hub 2S by setting the maintenance window, deferring updates, or using Windows Server Update Services (WSUS).
 ms.assetid: A737BD50-2D36-4DE5-A604-55053D549045
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: manage Windows updates, Surface Hub, Windows Server Update Services, WSUS
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/miracast-over-infrastructure.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 06/20/2019
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
 

devices/surface-hub/miracast-troubleshooting.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 06/20/2019
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
 

devices/surface-hub/monitor-surface-hub.md

@@ -3,7 +3,7 @@ title: Monitor your Microsoft Surface Hub
 description: Monitoring for Microsoft Surface Hub devices is enabled through Microsoft Operations Management Suite (OMS).
 ms.assetid: 1D2ED317-DFD9-423D-B525-B16C2B9D6942
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: monitor Surface Hub, Microsoft Operations Management Suite, OMS
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md

@@ -3,7 +3,7 @@ title: On-premises deployment single forest (Surface Hub)
 description: This topic explains how you add a device account for your Microsoft Surface Hub when you have a single-forest, on-premises deployment.
 ms.assetid: 80E12195-A65B-42D1-8B84-ECC3FCBAAFC6
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: single forest deployment, on prem deployment, device account, Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md

@@ -8,7 +8,7 @@ author: dansimp
 ms.author: dansimp
 ms.date: 08/28/2018
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
 

devices/surface-hub/online-deployment-surface-hub-device-accounts.md

@@ -3,7 +3,7 @@ title: Online deployment with Office 365 (Surface Hub)
 description: This topic has instructions for adding a device account for your Microsoft Surface Hub when you have a pure, online deployment.
 ms.assetid: D325CA68-A03F-43DF-8520-EACF7C3EDEC1
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: device account for Surface Hub, online deployment
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/password-management-for-surface-hub-device-accounts.md

@@ -3,7 +3,7 @@ title: Password management (Surface Hub)
 description: Every Microsoft Surface Hub device account requires a password to authenticate and enable features on the device.
 ms.assetid: 0FBFB546-05F0-430E-905E-87111046E4B8
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: password, password management, password rotation, device account
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/physically-install-your-surface-hub-device.md

@@ -3,7 +3,7 @@ title: Physically install Microsoft Surface Hub
 description: The Microsoft Surface Hub Readiness Guide will help make sure that your site is ready for the installation.
 ms.assetid: C764DBFB-429B-4B29-B4E8-D7F0073BC554
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: Surface Hub, readiness guide, installation location, mounting options
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/prepare-your-environment-for-surface-hub.md

@@ -3,7 +3,7 @@ title: Prepare your environment for Microsoft Surface Hub
 description: This section contains an overview of the steps required to prepare your environment so that you can use all of the features of Microsoft Surface Hub.
 ms.assetid: 336A206C-5893-413E-A270-61BFF3DF7DA9
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: prepare environment, features of Surface Hub, create and test device account, check network availability
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/provisioning-packages-for-surface-hub.md

@@ -3,7 +3,7 @@ title: Create provisioning packages (Surface Hub)
 description: For Windows 10, settings that use the registry or a configuration service provider (CSP) can be configured using provisioning packages.
 ms.assetid: 8AA25BD4-8A8F-4B95-9268-504A49BA5345
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: add certificate, provisioning package
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/remote-surface-hub-management.md

@@ -9,7 +9,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 07/27/2017
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
 

devices/surface-hub/save-bitlocker-key-surface-hub.md

@@ -3,7 +3,7 @@ title: Save your BitLocker key (Surface Hub)
 description: Every Microsoft Surface Hub is automatically set up with BitLocker drive encryption software. Microsoft strongly recommends that you make sure you back up your BitLocker recovery keys.
 ms.assetid: E11E4AB6-B13E-4ACA-BCE1-4EDC9987E4F2
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: Surface Hub, BitLocker, Bitlocker recovery keys
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/set-up-your-surface-hub.md

@@ -3,7 +3,7 @@ title: Set up Microsoft Surface Hub
 description: Set up instructions for Surface Hub include a setup worksheet, and a walkthrough of the first-run program.
 ms.assetid: 4D1722BC-704D-4471-BBBE-D0500B006221
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: set up instructions, Surface Hub, setup worksheet, first-run program
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/setup-worksheet-surface-hub.md

@@ -3,7 +3,7 @@ title: Setup worksheet (Surface Hub)
 description: When you've finished pre-setup and are ready to start first-time setup for your Microsoft Surface Hub, make sure you have all the information listed in this section.
 ms.assetid: AC6F925B-BADE-48F5-8D53-8B6FFF6EE3EB
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: Setup worksheet, pre-setup, first-time setup
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/skype-hybrid-voice.md

@@ -9,7 +9,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 07/27/2017
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
 

devices/surface-hub/support-solutions-surface-hub.md

@@ -3,7 +3,7 @@ title: Top support solutions for Microsoft Surface Hub
 description: Find top solutions for common issues using Surface Hub.
 ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: Troubleshoot common problems, setup issues
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/surface-hub-2s-pack-components.md

@@ -36,7 +36,7 @@ Use the following steps to pack your Surface Hub 2S 50" for shipment.
 | **7.** | Replace the cover and slide the Compute Cartridge back into the unit.                                            | ![Replace the cover and slide the Compute Cartridge back into the unit.](images/surface-hub-2s-repack-9.png)|
 | **8.**  | Re-fasten the locking screw and slide the cover into place.                                                      | ![Re-fasten the locking screw and slide the cover into place.](images/surface-hub-2s-repack-10.png)|
 | **9.**  | Remove any base or mounting hardware. Using two people, place the unit in the base of the shipping container.    | ![Remove any base or mounting hardware. Using two people, place the unit in the base of the shipping container.](images/surface-hub-2s-repack-11.png)|
-| **10.** | Replace the cover of the shipping container, and insert the four clips.                                          | ![Replace the cover of the shipping container, and insert the four clips.](images/surface-hub-2s-repack-12.png|
+| **10.** | Replace the cover of the shipping container, and insert the four clips.                                          | ![Replace the cover of the shipping container, and insert the four clips.](images/surface-hub-2s-repack-12.png)|
 | **11.** | Close the four clips.                                                                                            | ![Close the four clips.](images/surface-hub-2s-repack-13.png)|
 
 

devices/surface-hub/surface-hub-authenticator-app.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 08/28/2017
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 localizationpriority: medium
 ---
 

devices/surface-hub/surface-hub-downloads.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 08/22/2017
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
 

devices/surface-hub/surface-hub-qos.md

@@ -1,7 +1,7 @@
 ---
 title: Implement Quality of Service on Surface Hub
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 description: Learn how to configure QoS on Surface Hub.
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/surface-hub-recovery-tool.md

@@ -3,7 +3,7 @@ title: Using the Surface Hub Recovery Tool
 description: How to use the Surface Hub Recovery Tool to re-image the SSD.
 ms.assetid: FDB6182C-1211-4A92-A930-6C106BCD5DC1
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: manage Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/surface-hub-ssd-replacement.md

@@ -1,7 +1,7 @@
 ---
 title: Surface Hub SSD replacement
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 description: Learn how to replace the solid state drive in a Surface Hub.
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/surface-hub-technical-55.md

@@ -1,7 +1,7 @@
 ---
 title: Technical information for 55" Surface Hub
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 description: Specifications for the 55" Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/surface-hub-technical-84.md

@@ -1,7 +1,7 @@
 ---
 title: Technical information for 84" Surface Hub
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 description: Specifications for the 84" Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/surface-hub-wifi-direct.md

@@ -9,7 +9,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 11/27/2019
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
 

devices/surface-hub/surfacehub-whats-new-1703.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 01/18/2018
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
 

devices/surface-hub/troubleshoot-surface-hub.md

@@ -3,7 +3,7 @@ title: Troubleshoot Microsoft Surface Hub
 description: Troubleshoot common problems, including setup issues, Exchange ActiveSync errors.
 ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: Troubleshoot common problems, setup issues, Exchange ActiveSync errors
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md

@@ -7,7 +7,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 07/27/2017
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/use-room-control-system-with-surface-hub.md

@@ -3,7 +3,7 @@ title: Using a room control system (Surface Hub)
 description: Room control systems can be used with your Microsoft Surface Hub.
 ms.assetid: DC365002-6B35-45C5-A2B8-3E1EB0CB8B50
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: room control system, Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/whiteboard-collaboration.md

@@ -1,6 +1,6 @@
 ---
 title: Set up and use Microsoft Whiteboard
-description: Microsoft Whiteboard’s latest update includes the capability for two Surface Hubs to collaborate in real time on the same board.
+description: Microsoft Whiteboard's latest update includes the capability for two Surface Hubs to collaborate in real time on the same board.
 ms.prod: surface-hub
 ms.sitesec: library
 author: dansimp
@@ -8,13 +8,13 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 03/18/2019
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
 
 # Set up and use Microsoft Whiteboard
 
-The Microsoft Whiteboard app includes the capability for Surface Hubs and other devices to collaborate in real time on the same board.
+The Microsoft Whiteboard app includes the capability for Surface Hubs and other devices with the Microsoft Whiteboard app installed to collaborate in real time on the same board.
 
 ## Prerequisites
 
@@ -48,14 +48,16 @@ On the other device, such as a Surface Hub, when you are signed in, the shared b
 - You can also change the background color and design from solid to grid or dots. Pick the background, then choose the color from the wheel around it.
 - You can export a copy of the Whiteboard collaboration for yourself through the Share charm and leave the board for others to continue working.
 
+For more information, see [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d).
+
 > [!NOTE]
->  If you are using Whiteboard and cannot sign in, you can collaborate by joining a Teams or Skype for Business meeting, and then sharing your screen. After you’re done, tap **Settings** > **Export to email** or save a copy of the board. The SVG export provides higher resolution than PNG and can be opened in a web browser.
+>  If you are using Whiteboard and cannot sign in, you can collaborate by joining a Teams or Skype for Business meeting, and then sharing your screen. After you're done, tap **Settings** > **Export to email** or save a copy of the board. If you choose to export to SVG, it exports vector graphics and provides higher resolution than PNG and can be opened in a web browser.
 
 ## New features in Whiteboard
 
 The Microsoft Whiteboard app, updated for Surface Hub on July 1, 2019 includes a host of new features including:
 
-- **Automatic Saving** - Boards are saved to the cloud automatically when you sign in, and can be found in the board gallery. 
+- **Automatic Saving** - Boards are saved to the cloud automatically when you sign in, and can be found in the board gallery. There is no local folder name or directory.
 - **Extended collaboration across devices** - You can collaborate using new apps for Windows 10 PC and iOS, and a web version for other devices.
 - **Richer canvas** - In addition to ink and images, Whiteboard now includes sticky notes, text and GIFs, with more objects coming soon.
 - **Intelligence** – In addition to ink to shape and table, Whiteboard now includes ink beautification to improve handwriting and ink grab to convert images to ink.
@@ -68,3 +70,5 @@ The Microsoft Whiteboard app, updated for Surface Hub on July 1, 2019 includes a
 - [Windows 10 Creators Update for Surface Hub](https://www.microsoft.com/surface/support/surface-hub/windows-10-creators-update-surface-hub)
 
 - [Support documentation for Microsoft Whiteboard](https://support.office.com/article/Whiteboard-Help-0c0f2aa0-b1bb-491c-b814-fd22de4d7c01)
+
+- [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d)

devices/surface-hub/wireless-network-management-for-surface-hub.md

@@ -3,7 +3,7 @@ title: Wireless network management (Surface Hub)
 description: Microsoft Surface Hub offers two options for network connectivity to your corporate network and Internet wireless, and wired. While both provide network access, we recommend you use a wired connection.
 ms.assetid: D2CFB90B-FBAA-4532-B658-9AA33CAEA31D
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: network connectivity, wired connection
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface/advanced-uefi-security-features-for-surface-pro-3.md

@@ -3,17 +3,16 @@ title: Advanced UEFI security features for Surface Pro 3 (Surface)
 description: This article describes how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices.
 ms.assetid: 90F790C0-E5FC-4482-AD71-60589E3C9C93
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 keywords: security, features, configure, hardware, device, custom, script, update
 ms.localizationpriority: medium
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.pagetype: surface, devices, security
 ms.sitesec: library
-author: dansimp
-ms.author: dansimp
+author: coveminer
+ms.author: v-jokai
 ms.topic: article
-ms.date: 07/27/2017
 ---
 
 # Advanced UEFI security features for Surface Pro 3

devices/surface/assettag.md

@@ -5,12 +5,11 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.localizationpriority: medium
 ms.sitesec: library
-author: dansimp
-ms.author: dansimp
+author: coveminer
+ms.author: v-jokai
 ms.topic: article
-ms.date: 10/21/2019
 ms.reviewer: hachidan
-manager: dansimp
+manager: laurawi
 ---
 
 # Surface Asset Tag Tool

devices/surface/battery-limit.md

@@ -5,11 +5,10 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.pagetype: surface, devices
 ms.sitesec: library
-author: dansimp
-ms.date: 10/31/2019
+author: coveminer
 ms.reviewer: 
-manager: dansimp
-ms.author: dansimp
+manager: laurawi
+ms.author: v-jokai
 ms.topic: article
 ms.localizationpriority: medium
 ms.audience: itpro

devices/surface/change-history-for-surface.md

@@ -1,17 +1,16 @@
 ---
 title: Change history for Surface documentation (Windows 10)
 ms.reviewer: 
-manager: dansimp
+manager: laurawi
 description: This topic lists new and updated topics in the Surface documentation library.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: dansimp
-ms.author: dansimp
+author: coveminer
+ms.author: v-jokai
 ms.topic: article
 ms.localizationpriority: medium
 ms.audience: itpro
-ms.date: 10/21/2019
 ---
 
 # Change history for Surface documentation