Merge branch 'master' into vs-win10gdproverview

2025-05-15 06:47:21 +00:00 · 2017-09-08 12:45:43 -07:00 · 2017-09-08 12:45:43 -07:00 · 97c4ca24b3
commit 97c4ca24b3
parent f6e73fdeda 15908afbe4
87 changed files with 450 additions and 102 deletions
--- a/browsers/edge/Index.md
+++ b/browsers/edge/Index.md
@ -37,6 +37,7 @@ Microsoft Edge lets you stay up-to-date through the Windows Store and to manage
 | [Available policies for Microsoft Edge](available-policies.md)  |Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings.<br><br>Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain. |
 | [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md) |If you have specific web sites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites will automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11.<br><br>Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. |
 | [Security enhancements for Microsoft Edge](security-enhancements-microsoft-edge.md) |Microsoft Edge is designed with significant security improvements over existing browsers, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. |
+|[Microsoft Edge Frequently Asked Questions (FAQs)](microsoft-edge-faq.md)|Answering frequently asked questions about Microsoft Edge features, integration, support, and potential problems.

 ## Interoperability goals and enterprise guidance

--- a/browsers/edge/TOC.md
+++ b/browsers/edge/TOC.md
@ -5,4 +5,5 @@
 ##[Available policies for Microsoft Edge](available-policies.md)
 ##[Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md)
 ##[Security enhancements for Microsoft Edge](security-enhancements-microsoft-edge.md)
+##[Microsoft Edge Frequently Asked Questions (FAQs)](microsoft-edge-faq.md)

--- a/browsers/edge/microsoft-edge-faq.md
+++ b/browsers/edge/microsoft-edge-faq.md
@ -0,0 +1,83 @@
+---
+title: Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros (Microsoft Edge for IT Pros)
+description: Answering frequently asked questions about Microsoft Edge features, integration, support, and potential problems.
+author: eross-msft
+ms.author: lizross
+ms.prod: edge
+ms.mktglfcycl: general
+ms.sitesec: library
+ms.localizationpriority: high
+---
+
+# Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros
+
+**Applies to:**
+
+- Windows 10
+- Windows 10 Mobile
+
+**Q: What is the difference between Microsoft Edge and Internet Explorer 11? How do I know which one to use?**
+
+**A:** Microsoft Edge is the default browser for all Windows 10 devices. It is built to be highly compatible with the modern web. For some enterprise web apps and a small set of sites on the web that were built to work with older technologies like ActiveX, [you can use Enterprise Mode](https://docs.microsoft.com/en-us/microsoft-edge/deploy/emie-to-improve-compatibility) to automatically send users to Internet Explorer 11 for those sites.
+
+For more information on how Internet Explorer and Microsoft Edge can work together to support your legacy web apps, while still defaulting to the higher bar for security and modern experiences enabled by Microsoft Edge, see [Legacy apps in the enterprise](https://blogs.windows.com/msedgedev/2017/04/07/legacy-web-apps-enterprise/#RAbtRvJSYFaKu2BI.97).
+
+**Q: Does Microsoft Edge work with Enterprise Mode?**
+
+**A:** [Enterprise Mode](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11) offers better backward compatibility and enables customers to run many legacy web applications. Microsoft Edge and Internet Explorer can be configured to use the same Enterprise Mode Site List, switching seamlessly between browsers to support both modern and legacy web apps. For guidance and additional resources, please visit the [Microsoft Edge IT Center](https://technet.microsoft.com/en-us/microsoft-edge).
+
+
+**Q: I have Windows 10, but I don’t seem to have Microsoft Edge. Why?**
+
+**A:** Long-Term Servicing Branch (LTSB) versions of Windows, including Windows Server 2016, don't include Microsoft Edge or many other Universal Windows Platform (UWP) apps. These apps and their services are frequently updated with new functionality and can't be supported on systems running LTSB operating systems. For customers who require the LTSB for specialized devices, we recommend using Internet Explorer 11.
+
+**Q: How do I get the latest Canary/Beta/Preview version of Microsoft Edge?**
+
+**A:** You can access the latest preview version of Microsoft Edge by updating to the latest Windows 10 preview via the [Windows Insider Program](https://insider.windows.com/). To run the preview version of Microsoft Edge on a stable version of Windows 10 (or any other OS), you can download a [Virtual Machine](https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/windows/) that we provide or use the upcoming RemoteEdge service.
+
+**Q: How do I customize Microsoft Edge and related settings for my organization?**
+
+**A:** You can use Group Policy or Microsoft Intune to manage settings related to Microsoft Edge, such as security settings, folder redirection, and preferences. See [Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](https://docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies) for a list of available policies for Microsoft Edge.
+
+**Q: Is Adobe Flash supported in Microsoft Edge?**
+
+**A:** Currently, Adobe Flash is supported as a built-in feature of Microsoft Edge on devices running the desktop version of Windows 10. In July 2017, Adobe announced that Flash will no longer be supported after 2020. We will phase out Flash from Microsoft Edge and Internet Explorer, culminating in the removal of Flash from Windows entirely by the end of 2020. This process began already for Microsoft Edge with [Click-to-Run for Flash](https://blogs.windows.com/msedgedev/2016/12/14/edge-flash-click-run/) in the Windows 10 Creators Update.
+
+For more information about the phasing out of Flash, read the [End of an Era – Next Steps for Adobe Flash](https://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline/#85ZBy7aiVlDQHebO.97) blog post.
+
+**Q: Does Microsoft Edge support ActiveX controls or BHOs like Silverlight or Java?**
+
+**A:** No, ActiveX controls and BHOs such as Silverlight or Java are not supported in Microsoft Edge. The need for ActiveX controls has been significantly reduced by modern web standards, which are more interoperable across browsers. We are working on plans for an extension model based on the modern web platform in Microsoft Edge. We look forward to sharing more details on these plans soon. Not supporting legacy controls in Microsoft Edge provides many benefits including better interoperability with other modern browsers, as well as increased performance, security, and reliability.
+
+**Q: How often will Microsoft Edge be updated?**
+
+**A:** In Windows 10, we are delivering Windows as a service, updated on a cadence driven by quality and the availability of new features. Microsoft Edge security updates are released every two to four weeks, and the bigger feature updates are currently pushed out with the Windows 10 releases on a semi-annual cadence.
+
+**Q: How can I provide feedback on Microsoft Edge?**
+
+**A:** Microsoft Edge is an evergreen browser and we will continue to evolve both the web platform and the user interface with regular updates. To send feedback on user experience, or on broken or malicious sites, you can use the **Send Feedback** option under the ellipses icon (**...**) in the Microsoft Edge toolbar. You can also provide feedback through the [Microsoft Edge Dev Twitter](https://twitter.com/MSEdgeDev) account. 
+
+**Q: Will Internet Explorer 11 continue to receive updates?**
+
+**A:** We will continue to deliver security updates to Internet Explorer 11 through its supported lifespan. To ensure consistent behavior across Windows versions, we will evaluate Internet Explorer 11 bugs for servicing on a case by case basis. The latest features and platform updates will only be available in Microsoft Edge. 
+
+**Q: I loaded a web page and Microsoft Edge sent me to Internet Explorer - what happened?**
+
+**A:** In some cases, Internet Explorer loads automatically for sites that still rely on legacy technologies such as ActiveX. For more information, read [Legacy web apps in the enterprise](https://blogs.windows.com/msedgedev/2017/04/07/legacy-web-apps-enterprise/#uHpbs94kAaVsU1qB.97).
+
+**Q: Why is Do Not Track (DNT) off by default in Microsoft Edge?**
+
+**A:** When Microsoft first set the Do Not Track setting to “On” by default in Internet Explorer 10, industry standards had not yet been established. We are now making this default change as the World Wide Web Consortium (W3C) formalizes industry standards to recommend that default settings allow customers to actively indicate whether they want to enable DNT. As a result, DNT will not be enabled by default in upcoming versions of Microsoft’s browsers, but we will provide customers with clear information on how to turn this feature on in the browser settings should you wish to do so.
+
+**Q: How do I find out what version of Microsoft Edge I have?**
+
+**A:** Open Microsoft Edge. In the upper right corner click the ellipses icon (**…**), and then click **Settings**. Look in the **About this app** section to find your version. 
+ 
+**Q: What is Microsoft EdgeHTML?**
+
+**A:** Microsoft EdgeHTML is the new web rendering engine that powers the Microsoft Edge web browser and Windows 10 web app platform, and that helps web developers build and maintain a consistent site across all modern browsers. The Microsoft EdgeHTML engine also helps to defend against hacking through support for the W3C standard for [Content Security Policy (CSP)](https://developer.microsoft.com/microsoft-edge/platform/documentation/dev-guide/security/content-Security-Policy), which can help web developers defend their sites against cross-site scripting attacks, and support for the [HTTP Strict Transport Security (HSTS)](https://developer.microsoft.com/microsoft-edge/platform/documentation/dev-guide/security/HSTS/) security feature (IETF-standard compliant), which helps ensure that connections to important sites, such as to your bank, are always secured.
+
+**Q: Will Windows 7 or Windows 8.1 users get Microsoft Edge or the new Microsoft EdgeHTML rendering engine?**
+
+**A:** Microsoft Edge has been designed and built to showcase Windows 10 features like Cortana, and is built on top of the Universal Windows Platform. Although we don’t have any plans to bring Microsoft Edge to Windows 7 or Windows 8.1 at this time, you can test Microsoft Edge with older versions of Internet Explorer using [free virtual machines](https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/).
+
--- a/devices/surface-hub/TOC.md
+++ b/devices/surface-hub/TOC.md
@ -40,6 +40,7 @@
 ### [Using a room control system](use-room-control-system-with-surface-hub.md)
 ## [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md)
 ## [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md)
+## [Top support solutions for Surface Hub](support-solutions-surface-hub.md)
 ## [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md)
 ## [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md)
 ## [Useful downloads for Surface Hub administrators](surface-hub-downloads.md)
--- a/devices/surface-hub/change-history-surface-hub.md
+++ b/devices/surface-hub/change-history-surface-hub.md
@ -16,6 +16,12 @@ ms.localizationpriority: medium

 This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md).

+## September 2017
+
+New or changed topic | Description
+--- | ---
+[Top support solutions for Surface Hub](support-solutions-surface-hub.md) | New
+
 ## August 2017


--- a/devices/surface-hub/index.md
+++ b/devices/surface-hub/index.md
@ -44,6 +44,7 @@ In some ways, adding your new Surface Hub is just like adding any other Microsof
 | [Manage Microsoft Surface Hub](manage-surface-hub.md) | How to manage your Surface Hub after finishing the first-run program. |
 | [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) | 
 | [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) | This topic provides guidance on Wi-Fi Direct security risks, how the Surface Hub has addressed those risks, and how Surface Hub administrators can configure the device for the highest level of security.  | PowerShell scripts to help set up and manage your Surface Hub. |
+| [Top support solutions for Surface Hub](support-solutions-surface-hub.md) | These are the top Microsoft Support solutions for common issues experienced using Surface Hub. | 
 | [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md) | Troubleshoot common problems, including setup issues, Exchange ActiveSync errors. |
 | [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md) | Learn how to resolve Miracast issues. |
 | [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) | This topic provides links to useful Surface Hub documents, such as product datasheets, the site readiness guide, and user's guide. |
--- a/devices/surface-hub/support-solutions-surface-hub.md
+++ b/devices/surface-hub/support-solutions-surface-hub.md
@ -0,0 +1,50 @@
+---
+title: Top support solutions for Microsoft Surface Hub
+description: Find top solutions for common issues using Surface Hub.
+ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A
+keywords: Troubleshoot common problems, setup issues
+ms.prod: w10
+ms.mktglfcycl: support
+ms.sitesec: library
+ms.pagetype: surfacehub
+author: kaushika-msft
+ms.author: jdecker
+ms.date: 09/07/2017
+ms.localizationpriority: medium
+---
+
+# Top support solutions for Microsoft Surface Hub
+
+Microsoft regularly releases both updates and solutions for Surface Hub. To ensure your devices can receive future updates, including security updates, it's important to keep your Surface Hub devices updated. For a complete listing of the update history, see [Surface Hub update history](https://www.microsoft.com/surface/support/surface-hub/surface-hub-update-history) and [Known issues and additional information about Microsoft Surface Hub](https://support.microsoft.com/help/4025643).
+
+
+These are the top Microsoft Support solutions for common issues experienced when using Surface Hub.
+
+## Setup and install issues
+
+- [Setup troubleshooting](troubleshoot-surface-hub.md#setup-troubleshooting)
+- [Exchange ActiveSync errors](troubleshoot-surface-hub.md#exchange-activesync-errors)
+
+## Miracast issues
+
+- [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md)
+ 
+## Download updates issues
+
+- [Surface Hub can't download updates from Windows Update](https://support.microsoft.com/help/3191418/surface-hub-can-t-download-updates-from-windows-update)
+
+## Connect app issues
+
+- [The Connect app in Surface Hub exits unexpectedly](https://support.microsoft.com/help/3157417/the-connect-app-in-surface-hub-exits-unexpectedly)
+
+
+
+ 
+
+
+ 
+
+
+
+
+
--- a/devices/surface-hub/troubleshoot-surface-hub.md
+++ b/devices/surface-hub/troubleshoot-surface-hub.md
@ -20,8 +20,6 @@ Troubleshoot common problems, including setup issues, Exchange ActiveSync errors

 Common issues are listed in the following table, along with causes and possible fixes. The [Setup troubleshooting](#setup-troubleshooting) section contains a listing of on-device problems, along with several types of issues that may be encountered during the first-run experience. The [Exchange ActiveSync errors](#exchange-activesync-errors) section lists common errors the device may encounter when trying to synchronize with an Microsoft Exchange ActiveSync server.

-   [Setup troubleshooting](#setup-troubleshooting)
-   [Exchange ActiveSync errors](#exchange-activesync-errors)

 ## Setup troubleshooting

--- a/devices/surface/TOC.md
+++ b/devices/surface/TOC.md
@ -26,6 +26,7 @@
 ### [Use System Center Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md)
 ## [Surface Diagnostic Toolkit](surface-diagnostic-toolkit.md)
 ## [Surface Data Eraser](microsoft-surface-data-eraser.md)
+## [Top support solutions for Surface devices](support-solutions-surface.md)
 ## [Change history for Surface documentation](change-history-for-surface.md)


--- a/devices/surface/change-history-for-surface.md
+++ b/devices/surface/change-history-for-surface.md
@ -11,6 +11,12 @@ author: jdeckerms

 This topic lists new and updated topics in the Surface documentation library.

+## September 2017
+
+New or changed topic | Description
+--- | ---
+[Top support solutions for Surface devices](support-solutions-surface.md) | New
+
 ## June 2017

 |New or changed topic | Description |
--- a/devices/surface/index.md
+++ b/devices/surface/index.md
@ -30,6 +30,7 @@ For more information on planning for, deploying, and managing Surface devices in
 | [Surface Enterprise Management Mode](surface-enterprise-management-mode.md) | See how this feature of Surface devices with Surface UEFI allows you to secure and manage firmware settings within your organization. |
 | [Surface Diagnostic Toolkit](surface-diagnostic-toolkit.md) | Find out how you can use the Microsoft Surface Diagnostic Toolkit to test the hardware of your Surface device. |
 | [Surface Data Eraser](microsoft-surface-data-eraser.md) | Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices. |
+| [Top support solutions for Surface devices](support-solutions-surface.md) | These are the top Microsoft Support solutions for common issues experienced using Surface devices in an enterprise. |
 | [Change history for Surface documentation](change-history-for-surface.md) | This topic lists new and updated topics in the Surface documentation library. |


--- a/devices/surface/support-solutions-surface.md
+++ b/devices/surface/support-solutions-surface.md
@ -0,0 +1,64 @@
+---
+title: Top support solutions for Surface devices
+description: Find top solutions for common issues using Surface devices in the enterprise.
+ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A
+keywords: Troubleshoot common problems, setup issues
+ms.prod: w10
+ms.mktglfcycl: support
+ms.sitesec: library
+ms.pagetype: surfacehub
+author: kaushika-msft
+ms.author: jdecker
+ms.date: 09/07/2017
+ms.localizationpriority: medium
+---
+
+# Top support solutions for Surface devices
+
+Microsoft regularly releases both updates and solutions for Surface devices. To ensure your devices can receive future updates, including security updates, it's important to keep your Surface devices updated.  For a complete listing of the update history, see [Surface update history](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history) and [Install Surface and Windows updates](https://www.microsoft.com/surface/support/performance-and-maintenance/install-software-updates-for-surface?os=windows-10&=undefined).
+
+
+These are the top Microsoft Support solutions for common issues experienced when using Surface devices in an enterprise.
+
+## Screen cracked or scratched issues
+
+- [Cracked screen and physical damage](https://www.microsoft.com/surface/support/warranty-service-and-recovery/surface-is-damaged)
+
+
+##Device cover or keyboard issues
+
+- [Troubleshoot your Surface Type Cover or keyboard](https://www.microsoft.com/surface/support/hardware-and-drivers/troubleshoot-surface-keyboards)
+- [Troubleshoot problems with Surface Keyboard, Surface Ergonomic Keyboard, and Microsoft Modern Keyboard with Fingerprint ID](https://www.microsoft.com/surface/support/touch-mouse-and-search/surface-keyboard-troubleshooting)
+- [Set up Microsoft Modern Keyboard with Fingerprint ID](https://www.microsoft.com/surface/support/touch-mouse-and-search/microsoft-modern-keyboard-fingerprintid-set-up)
+- [Enabling Surface Laptop keyboard during MDT deployment](https://blogs.technet.microsoft.com/askcore/2017/08/18/enabling-surface-laptop-keyboard-during-mdt-deployment/)
+
+ 
+## Device won't wake from sleep or hibernation issues
+
+- [Surface won’t turn on or wake from sleep](https://www.microsoft.com/surface/support/warranty-service-and-recovery/surface-wont-turn-on-or-wake-from-sleep?os=windows-10&=undefined)
+- [Surface Pro 4 or Surface Book doesn't hibernate in Windows 10](https://support.microsoft.com/help/3122682)
+- [Surface Pro 3 doesn't hibernate after four hours in connected standby](https://support.microsoft.com/help/2998588/surface-pro-3-doesn-t-hibernate-after-four-hours-in-connected-standby)
+- [Surface Pro 3 Hibernation Doesn’t Occur on Enterprise Install](https://blogs.technet.microsoft.com/askcore/2014/11/05/surface-pro-3-hibernation-doesnt-occur-on-enterprise-install/)
+
+
+## Other common issues
+
+- [Trouble installing Surface updates](https://www.microsoft.com/surface/support/performance-and-maintenance/troubleshoot-updates?os=windows-10&=undefined)
+- [Troubleshooting common Surface Pro 3 issues post-deployment](http://blogs.technet.com/b/askcore/archive/2015/03/19/troubleshooting-common-surface-pro-3-issues-post-deployment.aspx)
+- [Surface Pro 3 hibernation doesn't occur on enterprise install](https://blogs.technet.microsoft.com/askcore/2014/11/05/surface-pro-3-hibernation-doesnt-occur-on-enterprise-install/)
+- [Reusing the same NIC for multiple PXE initiated deployments in System Center Configuration Manger OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd)
+- [Troubleshoot docking stations for Surface Pro and Surface 3](https://www.microsoft.com/surface/support/hardware-and-drivers/troubleshoot-docking-station?os=windows-8.1-update-1&=undefined)
+- [What to do if Surface is running slower](https://www.microsoft.com/surface/support/performance-and-maintenance/what-to-do-if-surface-is-running-slower?os=windows-10&=undefined)
+
+
+
+
+ 
+
+
+ 
+
+
+
+
+
--- a/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md
+++ b/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md
@ -128,6 +128,20 @@ If different encryption strengths are used, MBAM will report the machine as **no
 As of HF02, the MBAM Self-Service Portal automatically adds the '-' on Key ID entry.  
 **Note:** The Server has to be reconfigured for the Javascript to take effect.

+### MBAM 2.5 Sp1 Reports does not work / render properly
+Reports Page does not render properly when SSRS is hosted on SQL Server 2016 edition. 
+For example – Browsing to Helpdesk – Clicking on Reports –  ( Highlighted portion have “x”  on it )
+Digging this further with Fiddler – it does look like once we click on Reports – it calls the SSRS page with HTML 4.0 rendering format.
+
+**Workaround:** Looking at the site.master code and noticed the X-UA mode was dictated as IE8. As IE8 is WAY past the end of life, and customer is using IE11. Update the setting to the below code. This allows the site to utilize IE11 rendering technologies
+
+<meta http-equiv="X-UA-Compatible" content="IE=Edge" />
+
+Original setting is: 
+<meta http-equiv="X-UA-Compatible" content="IE=8" />
+
+This is the reason why the issue was not seen with other browsers like Chrome, Firefox etc.
+
 ## Got a suggestion for MBAM?


--- a/windows/client-management/windows-10-support-solutions.md
+++ b/windows/client-management/windows-10-support-solutions.md
@ -0,0 +1,62 @@
+---
+title: Top support solutions for Windows 10
+description: Get links to solutions for Windows 10 issues
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.author: elizapo
+author: kaushika-msft
+ms.localizationpriority: high
+---
+# Top support solutions for Windows 10
+
+Microsoft regularly releases both updates and solutions for Windows 10. To ensure your computers can receive future updates, including security updates, it's important to keep them updated. Check out the following links for a complete list of released updates:
+
+- [Windows 10 Version 1703 update history](https://support.microsoft.com/help/4018124/) 
+- [Windows 10 Version 1607 update history](https://support.microsoft.com/help/4000825/)
+- [Windows 10 Version 1511 update history](https://support.microsoft.com/help/4000824/)
+
+
+These are the top Microsoft Support solutions for the most common issues experienced when using Windows 10 in an enterprise or IT pro environment. The links below include links to KB articles, updates, and library articles.
+
+## Solutions related to installing Windows updates or hotfixes
+- [Understanding the Windowsupdate.log file for advanced users](https://support.microsoft.com/help/4035760/understanding-the-windowsupdate-log-file-for-advanced-users)
+- [You can't install updates on a Windows-based computer](https://support.microsoft.com/help/2509997/you-can-t-install-updates-on-a-windows-based-computer)
+- [Get-WindowsUpdateLog](https://technet.microsoft.com/itpro/powershell/windows/windowsupdate/get-windowsupdatelog)
+- [How to read the Windowsupdate.log file](https://support.microsoft.com/help/902093/how-to-read-the-windowsupdate-log-file)
+- [Can't download updates from Windows Update from behind a firewall or proxy server](https://support.microsoft.com/help/3084568/can-t-download-updates-from-windows-update-from-behind-a-firewall-or-p)
+- [Computer staged from a SysPrepped image doesn't receive WSUS updates](https://support.microsoft.com/help/4010909/computer-staged-from-a-sysprepped-image-doesn-t-receive-wsus-updates)
+- [Servicing stack update for Windows 10 Version 1703: June 13, 2017](https://support.microsoft.com/help/4022405/servicingstackupdateforwindows10version1703june13-2017)
+- [Servicing stack update for Windows 10 Version 1607 and Windows Server 2016: March 14, 2017](https://support.microsoft.com/help/4013418/servicing-stack-update-for-windows-10-version-1607-and-windows-server)
+
+## Solutions related to Bugchecks or Stop Errors
+- [Troubleshooting Stop error problems for IT Pros](https://support.microsoft.com/help/3106831/troubleshooting-stop-error-problems-for-it-pros)
+- [How to use Windows Recovery Environment (WinRE) to troubleshoot common startup issues](https://support.microsoft.com/help/4026030/how-to-use-windows-recovery-environment-winre-to-troubleshoot-common-s)
+- [How to troubleshoot Windows-based computer freeze issues](https://support.microsoft.com/help/3118553/how-to-troubleshoot-windows-based-computer-freeze-issues)
+- [Understanding Bugchecks](https://blogs.technet.microsoft.com/askperf/2007/12/18/understanding-bugchecks/)
+- [Understanding Crash Dump Files](https://blogs.technet.microsoft.com/askperf/2008/01/08/understanding-crash-dump-files/)
+
+## Solutions related to installing or upgrading Windows
+- [Resolve Windows 10 upgrade errors : Technical information for IT Pros](/windows/deployment/upgrade/resolve-windows-10-upgrade-errors)
+- [Windows OOBE fails when you start a new Windows-based computer for the first time](https://support.microsoft.com/help/4020048/windows-oobe-fails-when-you-start-a-new-windows-based-computer-for-the)
+- ["0xc1800118" error when you push Windows 10 Version 1607 by using WSUS](https://support.microsoft.com/help/3194588/-0xc1800118-error-when-you-push-windows-10-version-1607-by-using-wsus)
+- [0xC1900101 error when Windows 10 upgrade fails after the second system restart'(https://support.microsoft.com/help/3208485/0xc1900101-error-when-windows-10-upgrade-fails-after-the-second-system)
+- [Updates fix in-place upgrade to Windows 10 version 1607 problem](https://support.microsoft.com/help/4020149/updates-fix-in-place-upgrade-to-windows-10-version-1607-problem)
+- [OOBE update for Windows 10 Version 1703: May 9, 2017](https://support.microsoft.com/help/4020008)
+- [OOBE update for Windows 10 Version 1607: May 30, 2017](https://support.microsoft.com/help/4022632)
+- [OOBE update for Windows 10 Version 1511: May 30, 2017](https://support.microsoft.com/help/4022633)
+
+## Solutions related to configuring or managing the Start menu
+- [Manage Windows 10 Start and taskbar layout](/windows/configuration/windows-10-start-layout-options-and-policies)
+- [Customize and export Start layout](/windows/configuration/customize-and-export-start-layout)
+- [Changes to Group Policy settings for Windows 10 Start](/windows/configuration/changes-to-start-policies-in-windows-10)
+- [Preinstalled system applications and Start menu may not work when you upgrade to Windows 10, Version 1511](https://support.microsoft.com/help/3152599)
+- [Start menu shortcuts aren't immediately accessible in Windows Server 2016](https://support.microsoft.com/help/3198613)
+- [Troubleshoot problems opening the Start menu or Cortana](https://support.microsoft.com/help/12385/windows-10-troubleshoot-problems-opening-start-menu-cortana)
+- [Modern apps are blocked by security software when you start the applications on Windows 10 Version 1607](https://support.microsoft.com/help/4016973/modern-apps-are-blocked-by-security-software-when-you-start-the-applic)
+
+## Solutions related to wireless networking and 802.1X authentication
+
+- [Windows 10 devices can't connect to an 802.1X environment](http://support.microsoft.com/kb/3121002)
+- [Windows 10 wireless connection displays "Limited" status](http://support.microsoft.com/kb/3114149)
+- [Computer that has VPN software installed can't detect wireless network after upgrading to Windows 10](http://support.microsoft.com/kb/3084164)
--- a/windows/configuration/wcd/wcd-accounts.md
+++ b/windows/configuration/wcd/wcd-accounts.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-admxingestion.md
+++ b/windows/configuration/wcd/wcd-admxingestion.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-applicationmanagement.md
+++ b/windows/configuration/wcd/wcd-applicationmanagement.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-assignedaccess.md
+++ b/windows/configuration/wcd/wcd-assignedaccess.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-automatictime.md
+++ b/windows/configuration/wcd/wcd-automatictime.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-browser.md
+++ b/windows/configuration/wcd/wcd-browser.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-callandmessagingenhancement.md
+++ b/windows/configuration/wcd/wcd-callandmessagingenhancement.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-cellular.md
+++ b/windows/configuration/wcd/wcd-cellular.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-certificates.md
+++ b/windows/configuration/wcd/wcd-certificates.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-cleanpc.md
+++ b/windows/configuration/wcd/wcd-cleanpc.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-connections.md
+++ b/windows/configuration/wcd/wcd-connections.md
@ -5,14 +5,14 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---

 # Connections (Windows Configuration Designer reference)

-Use to configure settings related to variou types of phone connections.
+Use to configure settings related to various types of phone connections.

 ## Applies to

--- a/windows/configuration/wcd/wcd-connectivityprofiles.md
+++ b/windows/configuration/wcd/wcd-connectivityprofiles.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-countryandregion.md
+++ b/windows/configuration/wcd/wcd-countryandregion.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
+++ b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-developersetup.md
+++ b/windows/configuration/wcd/wcd-developersetup.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-deviceformfactor.md
+++ b/windows/configuration/wcd/wcd-deviceformfactor.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-devicemanagement.md
+++ b/windows/configuration/wcd/wcd-devicemanagement.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-dmclient.md
+++ b/windows/configuration/wcd/wcd-dmclient.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-editionupgrade.md
+++ b/windows/configuration/wcd/wcd-editionupgrade.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-embeddedlockdownprofiles.md
+++ b/windows/configuration/wcd/wcd-embeddedlockdownprofiles.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-firewallconfiguration.md
+++ b/windows/configuration/wcd/wcd-firewallconfiguration.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-firstexperience.md
+++ b/windows/configuration/wcd/wcd-firstexperience.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-folders.md
+++ b/windows/configuration/wcd/wcd-folders.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-initialsetup.md
+++ b/windows/configuration/wcd/wcd-initialsetup.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-internetexplorer.md
+++ b/windows/configuration/wcd/wcd-internetexplorer.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-licensing.md
+++ b/windows/configuration/wcd/wcd-licensing.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-maps.md
+++ b/windows/configuration/wcd/wcd-maps.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-messaging.md
+++ b/windows/configuration/wcd/wcd-messaging.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-modemconfigurations.md
+++ b/windows/configuration/wcd/wcd-modemconfigurations.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-multivariant.md
+++ b/windows/configuration/wcd/wcd-multivariant.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-networkproxy.md
+++ b/windows/configuration/wcd/wcd-networkproxy.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-networkqospolicy.md
+++ b/windows/configuration/wcd/wcd-networkqospolicy.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-nfc.md
+++ b/windows/configuration/wcd/wcd-nfc.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-oobe.md
+++ b/windows/configuration/wcd/wcd-oobe.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-otherassets.md
+++ b/windows/configuration/wcd/wcd-otherassets.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-personalization.md
+++ b/windows/configuration/wcd/wcd-personalization.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-policies.md
+++ b/windows/configuration/wcd/wcd-policies.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-provisioningcommands.md
+++ b/windows/configuration/wcd/wcd-provisioningcommands.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-sharedpc.md
+++ b/windows/configuration/wcd/wcd-sharedpc.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-shell.md
+++ b/windows/configuration/wcd/wcd-shell.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-smisettings.md
+++ b/windows/configuration/wcd/wcd-smisettings.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-start.md
+++ b/windows/configuration/wcd/wcd-start.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-startupapp.md
+++ b/windows/configuration/wcd/wcd-startupapp.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-startupbackgroundtasks.md
+++ b/windows/configuration/wcd/wcd-startupbackgroundtasks.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-surfacehubmanagement.md
+++ b/windows/configuration/wcd/wcd-surfacehubmanagement.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-tabletmode.md
+++ b/windows/configuration/wcd/wcd-tabletmode.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-takeatest.md
+++ b/windows/configuration/wcd/wcd-takeatest.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-theme.md
+++ b/windows/configuration/wcd/wcd-theme.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-unifiedwritefilter.md
+++ b/windows/configuration/wcd/wcd-unifiedwritefilter.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-universalappinstall.md
+++ b/windows/configuration/wcd/wcd-universalappinstall.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-universalappuninstall.md
+++ b/windows/configuration/wcd/wcd-universalappuninstall.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-usberrorsoemoverride.md
+++ b/windows/configuration/wcd/wcd-usberrorsoemoverride.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-weakcharger.md
+++ b/windows/configuration/wcd/wcd-weakcharger.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-windowsteamsettings.md
+++ b/windows/configuration/wcd/wcd-windowsteamsettings.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-wlan.md
+++ b/windows/configuration/wcd/wcd-wlan.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd-workplace.md
+++ b/windows/configuration/wcd/wcd-workplace.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/configuration/wcd/wcd.md
+++ b/windows/configuration/wcd/wcd.md
@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
-localizationpriority: medium
+ms.localizationpriority: medium
 ms.author: jdecker
 ms.date: 08/21/2017
 ---
--- a/windows/deployment/mbr-to-gpt.md
+++ b/windows/deployment/mbr-to-gpt.md
@ -18,28 +18,41 @@ ms.localizationpriority: high

 ## Summary

-**MBR2GPT.EXE** converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS).
+**MBR2GPT.EXE** converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS) by using the **/allowFullOS** option. 

-MBR2GPT.EXE is located in the **Windows\\System32** directory on a Windows 10 computer running Windows 10 version 1703 or later.
+See the following video for a detailed description and demonstration of MBR2GPT.

-You can use MBR2GPT to perform the following:
+<iframe width="560" height="315" align="center" src="https://www.youtube.com/embed/hfJep4hmg9o" frameborder="0" allowfullscreen></iframe>

- \[Within the Windows PE environment\]: Convert any attached MBR-formatted system disk to the GPT partition format.
- \[From within the currently running OS\]: Convert any attached MBR-formatted system disk to the GPT partition format.
-
->MBR2GPT is available in Windows 10 version 1703, also known as Windows 10 Creator's Update, and later versions. 
+>MBR2GPT.EXE is located in the **Windows\\System32** directory on a computer running Windows 10 version 1703 (also known as the Creator's Update) or later.
 >The tool is available in both the full OS environment and Windows PE. 

-You can use MBR2GPT to convert an MBR disk with BitLocker-encrypted volumes as long as protection has been suspended. To resume BitLocker after conversion, you will need to delete the existing protectors and recreate them.
+You can use MBR2GPT to: 

-The MBR2GPT tool can convert operating system disks that have earlier versions of Windows 10 installed, such as versions 1507, 1511, and 1607. However, you must run the tool while booted into Windows 10 version 1703 or later, and perform an offline conversion.
+- Convert any attached MBR-formatted system disk to the GPT partition format. You cannot use the tool to convert non-system disks from MBR to GPT.
+- Convert an MBR disk with BitLocker-encrypted volumes as long as protection has been suspended. To resume BitLocker after conversion, you will need to delete the existing protectors and recreate them.
+- Convert operating system disks that have earlier versions of Windows 10 installed, such as versions 1507, 1511, and 1607. However, you must run the tool while booted into Windows 10 version 1703 or later, and perform an offline conversion.

 Offline conversion of system disks with earlier versions of Windows installed, such as Windows 7, 8, or 8.1 are not officially supported. The recommended method to convert these disks is to upgrade the operating system to Windows 10 first, then perform the MBR to GPT conversion.

 >[!IMPORTANT]
 >After the disk has been converted to GPT partition style, the firmware must be reconfigured to boot in UEFI mode. <BR>Make sure that your device supports UEFI before attempting to convert the disk.

-<iframe width="560" height="315" align="center" src="https://www.youtube.com/embed/hfJep4hmg9o" frameborder="0" allowfullscreen></iframe>
+## Prerequisites
+
+Before any change to the disk is made, MBR2GPT validates the layout and geometry of the selected disk to ensure that:
+- The disk is currently using MBR
+- There is enough space not occupied by partitions to store the primary and secondary GPTs:
+  - 16KB + 2 sectors at the front of the disk
+  - 16KB + 1 sector at the end of the disk
+- There are at most 3 primary partitions in the MBR partition table
+- One of the partitions is set as active and is the system partition
+- The disk does not have any extended/logical partition
+- The BCD store on the system partition contains a default OS entry pointing to an OS partition
+- The volume IDs can be retrieved for each volume which has a drive letter assigned
+- All partitions on the disk are of MBR types recognized by Windows or has a mapping specified using the /map command-line option
+
+If any of these checks fails, the conversion will not proceed and an error will be returned.

 ## Syntax

@ -218,22 +231,6 @@ The following steps illustrate high-level phases of the MBR-to-GPT conversion pr
 5. The boot configuration data (BCD) store is updated.
 6. Drive letter assignments are restored.

-### Disk validation
-
-Before any change to the disk is made, MBR2GPT validates the layout and geometry of the selected disk to ensure that:
- The disk is currently using MBR
- There is enough space not occupied by partitions to store the primary and secondary GPTs:
-  - 16KB + 2 sectors at the front of the disk
-  - 16KB + 1 sector at the end of the disk
- There are at most 3 primary partitions in the MBR partition table
- One of the partitions is set as active and is the system partition
- The disk does not have any extended/logical partition
- The BCD store on the system partition contains a default OS entry pointing to an OS partition
- The volume IDs can be retrieved for each volume which has a drive letter assigned
- All partitions on the disk are of MBR types recognized by Windows or has a mapping specified using the /map command-line option
-
-If any of these checks fails, the conversion will not proceed and an error will be returned.
-
 ### Creating an EFI system partition

 For Windows to remain bootable after the conversion, an EFI system partition (ESP) must be in place. MBR2GPT creates the ESP using the following rules:
--- a/windows/deployment/vda-subscription-activation.md
+++ b/windows/deployment/vda-subscription-activation.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
-ms.date: 08/23/2017
+ms.date: 09/05/2017
 author: greg-lindsay
 ---

@ -15,6 +15,11 @@ author: greg-lindsay

 This document describes how to configure virtual machines (VMs) to enable [Windows 10 Subscription Activation](windows-10-enterprise-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based licensing mechanism for managing access to virtual desktops.

+Deployment instructions are provided for the following scenarios:
+1. [Active Directory-joined VMs](#active-directory-joined-vms)
+2. [Azure Active Directory-joined VMs](#azure-active-directory-joined-vms)
+3. [Azure Gallery VMs](#azure-gallery-vms)
+
 ## Requirements

 - VMs must be running Windows 10 Pro, version 1703 (also known as the Creator's Update) or later.
@ -64,7 +69,35 @@ For Azure AD-joined VMs, follow the same instructions (above) as for [Active Dir
 - In step 9, during setup with Windows Configuration Designer, under **Name**, type a name for the project that indicates it is not for Active Directory joined VMs, such as **Desktop Bulk Enrollment Token Pro GVLK**.
 - In step 12, during setup with Windows Configuration Designer, on the Account Management page, instead of enrolling in Active Directory, choose **Enroll in Azure AD**, click **Get Bulk Token**, sign in and add the bulk token using your organization's credentials.
 - In step 17, when entering the PackagePath, use the project name you entered in step 9 (ex: **Desktop Bulk Enrollment Token Pro GVLK.ppkg**)
- When attempting to access the VM using remote desktop, you will need to create a custom RDP settings file as described below.
+- When attempting to access the VM using remote desktop, you will need to create a custom RDP settings file as described below in [Create custom RDP settings for Azure](#create-custom-rpd-settings-for-azure).
+
+## Azure Gallery VMs
+
+1. (Optional) To disable network level authentication, type the following at an elevated command prompt:
+
+    ```
+    REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f
+    ```
+
+2. At an elevated command prompt, type **sysdm.cpl** and press ENTER.
+3. On the Remote tab, choose **Allow remote connections to this computer** and then click **Select Users**.
+4. Click **Add**, type **Authenticated users**, and then click **OK** three times.
+(https://docs.microsoft.com/azure/virtual-machines/windows/prepare-for-upload-vhd-image#steps-to-generalize-a-vhd).
+5. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
+6. Open Windows Configuration Designer and click **Provison desktop services**.
+7. Under **Name**, type **Desktop Bulk Enrollment Token Pro GVLK**, click **Finish**, and then on the **Set up device** page enter a device name. 
+    - Note: You can use a different project name, but this name is also used with dism.exe in a subsequent step.
+8. Under **Enter product key** type the Pro GVLK key: **W269N-WFGWX-YVC9B-4J6C9-T83GX**.
+9. On the Set up network page, choose **Off**.
+10. On the Account Management page, choose **Enroll in Azure AD**, click **Get Bulk Token**, sign in, and add the bulk token using your organizations credentials.
+11. On the Add applications page, add applications if desired. This step is optional.
+12. On the Add certificates page, add certificates if desired. This step is optional.
+13. On the Finish page, click **Create**.
+14. Copy the .ppkg file to the remote Virtual machine.  Double click to initiate the provisioning package install.  This will reboot the system.
+
+- When attempting to access the VM using remote desktop, you will need to create a custom RDP settings file as described [below](#create-custom-rpd-settings-for-azure).
+
+## Create custom RDP settings for Azure

 To create custom RDP settings for Azure:

--- a/windows/device-security/bitlocker/bitlocker-device-encryption-overview-windows-10.md
+++ b/windows/device-security/bitlocker/bitlocker-device-encryption-overview-windows-10.md
@ -26,7 +26,7 @@ Table 2 lists specific data-protection concerns and how they are addressed in Wi
 | Windows 7 | Windows 10 |
 |---|---|
 | When BitLocker is used with a PIN to protect startup, PCs such as kiosks cannot be restarted remotely. | Modern Windows devices are increasingly protected with BitLocker Device Encryption out of the box and support SSO to seamlessly protect the BitLocker encryption keys from cold boot attacks.<br><br>Network Unlock allows PCs to start automatically when connected to the internal network. |
-| Users must contact the IT department to change their BitLocker PIN or password. | Modern Windows devices no longer require a PIN in the pre-boot environment to protect BitLocker encryption keys from cold boot attacks.<br><br>Users who have standard privileges can change their BitLocker PIN or password on legacy devices that require a PIN. |
+ | Users must contact the IT department to change their BitLocker PIN or password. | Modern Windows devices no longer require a PIN in the pre-boot environment to protect BitLocker encryption keys from cold boot attacks.<br><br>Users who have standard privileges can change their BitLocker PIN or password on legacy devices that require a PIN. |
 | When BitLocker is enabled, the provisioning process can take several hours. | BitLocker pre-provisioning, encrypting hard drives, and Used Space Only encryption allow administrators to enable BitLocker quickly on new computers. |
 | There is no support for using BitLocker with self-encrypting drives (SEDs). | BitLocker supports offloading encryption to encrypted hard drives. |
 | Administrators have to use separate tools to manage encrypted hard drives. | BitLocker supports encrypted hard drives with onboard encryption hardware built in, which allows administrators to use the familiar BitLocker administrative tools to manage them. |
@ -66,7 +66,7 @@ Beginning in Windows 8.1, Windows automatically enables BitLocker Device Encryp

 Unlike a standard BitLocker implementation, BitLocker Device Encryption is enabled automatically so that the device is always protected. The following list outlines how this happens:

-* When a clean installation of Windows 10 is completed and the out-of-box experience is finished, the computer is prepared for first use. As part of this preparation, BitLocker Device Encryption is initialized on the operating system drive and fixed data drives on the computer with a clear key (this is the equivalent of standard BitLocker suspended state).
+* When a clean installation of Windows 10 is completed and the out-of-box experience is finished, the computer is prepared for first use. As part of this preparation, BitLocker Device Encryption is initialized on the operating system drive and fixed data drives on the computer with a clear key (this is the equivalent of standard BitLocker suspended state). In this state, the drive is shown with a warning icon in Windows Explorer.  The yellow warning icon is removed after the TPM protector is created and the recovery key is backed up, as explained in the following bullet points.
 * If the device is not domain joined, a Microsoft account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to the online Microsoft account, and a TPM protector is created. Should a device require the recovery key, the user will be guided to use an alternate device and navigate to a recovery key access URL to retrieve the recovery key by using his or her Microsoft account credentials.
 * If the user uses a domain account to sign in, the clear key is not removed until the user joins the device to a domain and the recovery key is successfully backed up to Active Directory Domain Services (AD DS). You must enable the **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives** Group Policy setting, and select the **Do not enable BitLocker until recovery information is stored in AD DS for operating system drives** option. With this configuration, the recovery password is created automatically when the computer joins the domain, and then the recovery key is backed up to AD DS, the TPM protector is created, and the clear key is removed.
 * Similar to signing in with a domain account, the clear key is removed when the user logs on to an Azure AD account on the device. As described in the bullet point above, the recovery password is created automatically when the user authenticates to Azure AD. Then, the recovery key is backed up to Azure AD, the TPM protector is created, and the clear key is removed.
--- a/windows/device-security/security-policy-settings/images/uac-admin-approval-mode-for-the-built-in-administrator-account.png
+++ b/windows/device-security/security-policy-settings/images/uac-admin-approval-mode-for-the-built-in-administrator-account.png
--- a/windows/device-security/security-policy-settings/images/uac-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.png
+++ b/windows/device-security/security-policy-settings/images/uac-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.png
--- a/windows/device-security/security-policy-settings/images/uac-notify-me-only-when-apps-try-to-make-changes-to-my-pc.png
+++ b/windows/device-security/security-policy-settings/images/uac-notify-me-only-when-apps-try-to-make-changes-to-my-pc.png
--- a/windows/device-security/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md
+++ b/windows/device-security/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md
@ -53,6 +53,27 @@ The following table lists the actual and effective default values for this polic
 | Member Server Effective Default Settings | Disabled| 
 | Client Computer Effective Default Settings | Disabled| 
  
+
+## To enable Admin Approval Mode
+If you wish to use Admin Approval Mode with an active built-in administrator account, follow these steps:
+
+1. In the search box, type gpedit.exe.
+2. From the Local Group Policy editor, navigate to **Computer Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** > **Security Options**.
+
+   ![User Account Control: Admin Approval Mode for the built-in administrator account](images/uac-admin-approval-mode-for-the-built-in-administrator-account.png)
+
+3. Double-click the policy **UAC-Admin-Approval-Mode-for-the-Built-in-Administrator-account**.
+4. On the **Local Security Setting** tab, make sure that the **Enabled** radio button is selected and then click OK.
+5. Configure the local security setting  **UAC-Behavior-of-the-elevation-prompt-for-administrators-in-Admin-Approval-Mode** by setting it to **Prompt for consent on the secure desktop** and then click OK.
+
+    ![User Account Control: behavior of the elevation prompt for administrators in Admin Approval Mode](images/uac-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.png)
+
+As an alternative way to carry out step 5, you can also type "UAC" in the search box, and then from the User Account Control Settings dialog box, set the slider control to **Notify me only when apps try to make changes to my computer (default)**.
+
+![User Account Control notify me only when apps try to make changes to my pc](images/uac-notify-me-only-when-apps-try-to-make-changes-to-my-pc.png)
+
+6. To activate the new setting, log out and then log in again.
+
 ## Policy management

 This section describes features and tools that are available to help you manage this policy.
@ -67,7 +88,7 @@ This section describes how an attacker might exploit a feature or its configurat

 ### Vulnerability

-One of the risks of the User Account Control (UAC) feature is that it is intended to mitigate malicious software running under elevated credentials without the user or administrator being aware of its activity. An attack vector for malicious programs is to discover the password of the administrator account because that user account was created for all installations of the Windows. To address this risk, the built-in administrator account is disabled in computers running at least Windows Vista. In computers running at least Windows Server 2008, the administrator account is enabled, and the password must be changed the first time the Administrator logs on. In a default installation of a computer running at least Windows Vista, accounts with administrative control over the computer are initially set up in one of two ways:
+ An attack vector for malicious programs is to discover the password of the administrator account because that user account was created for all installations of Windows. To address this risk, the built-in administrator account is disabled in computers running at least Windows Vista. In computers running at least Windows Server 2008, the administrator account is enabled, and the password must be changed the first time the Administrator logs on. In a default installation of a computer running at least Windows Vista, accounts with administrative control over the computer are initially set up in one of two ways:

 -   If the computer is not joined to a domain, the first user account you create has the equivalent permissions as a local administrator.
 -   If the computer is joined to a domain, no local administrator accounts are created. The enterprise or domain administrator must log on to the computer and create a local administrator account if one is warranted.
--- a/windows/device-security/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
+++ b/windows/device-security/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
@ -58,7 +58,7 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Sec
 ### Default values


-| Server type or GPO Default value |
+| Server type or GPO | Default value |
 | - | - |
 | Default Domain Policy | Not defined| 
 | Default Domain Controller Policy | Not defined |
--- a/windows/hub/TOC.md
+++ b/windows/hub/TOC.md
@ -6,4 +6,5 @@
 ## [Application management](/windows/application-management)
 ## [Access protection](/windows/access-protection)
 ## [Device security](/windows/device-security)
-## [Threat protection](/windows/threat-protection)
+## [Threat protection](/windows/threat-protection)
+## [Troubleshooting](/windows/client-management/windows-10-support-solutions)
--- a/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
@ -45,12 +45,11 @@ You can also [specify how long the file should be prevented from running](config

 ## How it works

-When a Windows Defender Antivirus client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. The following video describes how this feature works.
+When a Windows Defender Antivirus client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. 

-The Block at first sight feature only uses the cloud protection backend for executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the EXE file is checked via the cloud backend to determine if this is a previously undetected file.
+The Block at First Sight feature only uses the cloud protection backend for executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file.

-<iframe 
-src="https://videoplayercdn.osi.office.net/embed/c2f20f59-ca56-4a7b-ba23-44c60bc62c59" width="768" height="432" allowFullScreen="true" frameBorder="0" scrolling="no"></iframe> 
+ 

 If the cloud backend is unable to make a determination, the file will be locked by Windows Defender AV while a copy is uploaded to the cloud. The cloud will perform additional analysis to reach a determination before it allows the file to run or blocks it in all future encounters, depending on whether the file is determined to be malicious or safe. 

--- a/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
@ -33,6 +33,11 @@ Cloud-delivered protection for Windows Defender Antivirus, also referred to as M

 Enabling cloud-delivered protection helps detect and block new malware - even if the malware has never been seen before - without needing to wait for a traditionally delivered definition update to block it. Definition updates can take hours to prepare and deliver, while our cloud service can deliver updated protection in seconds. 

+The following video describes how it works:
+
+<iframe 
+src="https://videoplayercdn.osi.office.net/embed/c2f20f59-ca56-4a7b-ba23-44c60bc62c59" width="768" height="432" allowFullScreen="true" frameBorder="0" scrolling="no"></iframe>
+
 Cloud-delivered protection is enabled by default, however you may need to re-enable it if it has been disabled as part of previous organizational policies.

 The following table describes the differences in cloud-delivered protection between recent versions of Windows and System Center Configuration Manager.
--- a/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
@ -26,7 +26,7 @@ Windows Defender ATP supports non-persistent VDI session onboarding. There might


 - Instant early onboarding of a short living session
-    - A session should be onboarded to Windows Defender ATP prior to the actual provisioning
+    - A session should be onboarded to Windows Defender ATP prior to the actual provisioning.

 - Machine name persistence
    - The machine names are typically reused for new sessions. One may ask to have them as a single machine entry while others may prefer to have multiple entries per machine name.
@ -42,14 +42,14 @@ You can onboard VDI machines using a single entry or multiple entries for each m
 2. Copy the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`.

    >[!NOTE]
-    >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose to the **Show hidden files and folders** option from file explorer.
+    >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer.

 3. The following step is only applicable if you're implementing a single entry for each machine: <br>
    **For single entry for each machine**:<br>
        a. From the `WindowsDefenderATPOnboardingPackage`, copy the `Onboard-NonPersistentMachine.ps1` file to `golden/master` image to the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. <br>

    >[!NOTE]
-    >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose to the **Show hidden files and folders** option from file explorer.
+    >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer.

 4. Open a Local Group Policy Editor window and navigate to **Computer Configuration** > **Windows Settings** > **Scripts** > **Startup**.

--- a/windows/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md
@ -23,7 +23,7 @@ ms.date: 09/05/2017
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)

-Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you, to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
+Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).

 In general, you’ll need to take the following steps to use the APIs:
 -	Create an app
--- a/windows/threat-protection/windows-defender-atp/images/atp-sec-coverage.png
+++ b/windows/threat-protection/windows-defender-atp/images/atp-sec-coverage.png
--- a/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
@ -62,6 +62,9 @@ Machine group and tags support proper mapping of the network, enabling you to at
 - [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)<br>
 Windows Defender ATP supports the use of Power BI data connectors to enable you to connect and access Windows Defender ATP data using Microsoft Graph.

+- [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)<br>
+    Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you, to automate workflows and innovate based on Windows Defender ATP capabilities.
+

    

--- a/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md
@ -58,7 +58,7 @@ Click on each control to see the recommended optimizations.

 ![Improvement opportunities](images/atp-improv-ops.png)

-The numbers beside the green triangle icon on each recommended action represents the number of points you can gain by taking the action.  When added together, the total number makes up the nominator in the fraction for each segment in the Improvement opportunities tile.
+The numbers beside the green triangle icon on each recommended action represents the number of points you can gain by taking the action.  When added together, the total number makes up the numerator in the fraction for each segment in the Improvement opportunities tile.

 Recommendations that do not display a green action are informational only and no action is required.