Merge remote-tracking branch 'refs/remotes/Microsoft/master'

2025-06-30 09:43:42 +00:00 · 2016-05-27 14:11:06 -07:00
parent a11645582a 1c6d2df021
commit a487801397
871 changed files with 13572 additions and 29778 deletions
--- a/.openpublishing.publish.config.json
+++ b/.openpublishing.publish.config.json
@ -52,7 +52,7 @@
                "Conceptual": "Content"
            }
        },
-		{
+	    {
            "docset_name": "mdop",
            "build_output_subfolder": "mdop",
            "locale": "en-us",
--- a/devices/surface-hub/TOC.md
+++ b/devices/surface-hub/TOC.md
@ -20,6 +20,7 @@
 #### [Accessibility](accessibility-surface-hub.md)
 #### [Change the Surface Hub device account](change-surface-hub-device-account.md)
 #### [Device reset](device-reset-suface-hub.md)
+#### [End a Surface Hub meeting with I'm Done](i-am-done-finishing-your-surface-hub-meeting.md)
 #### [Install apps on your Surface Hub](install-apps-on-surface-hub.md)
 #### [Manage settings with a local admin account](manage-settings-with-local-admin-account-surface-hub.md)
 #### [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md)
--- a/devices/surface-hub/i-am-done-finishing-your-surface-hub-meeting.md
+++ b/devices/surface-hub/i-am-done-finishing-your-surface-hub-meeting.md
@ -0,0 +1,87 @@
+---
+title: I am done - ending a Surface Hub meeting
+description: To end a Surface Hub meeting, tap I am Done. Surface Hub cleans up the application state, operating system state, and the user interface so that Surface Hub is ready for the next meeting.
+keywords: I am Done, end Surface Hub meeting, finish Surface Hub meeting, clean up Surface Hub meeting
+author: TrudyHa
+---
+
+# End a Surface Hub meeting with I'm Done
+Surface Hub is a collaboration device designed to be used simultaneously and sequentially by multiple people. At the end of a Surface Hub meeting, one of the attendees can tap or click **I'm Done** to end the meeting. Tapping **I'm Done** tells Surface Hub to clean up info from the current meeting, so that it will be ready for the next meeting. When a meeting attendee taps **I'm Done**, Surface Hub cleans up, or resets, these states. 
+- Applications
+- Operating system
+- User interface
+
+This topic explains what **I'm Done** resets for each of these states. 
+
+## Applications
+When you start apps on Surface Hub, they are stored in memory and data is stored at the application level. Data is available to all users during that session (or meeting) until date is removed or overwritten. When **I'm done** is selected, Surface Hub application state is cleared out by closing applications, deleting browser history, resetting applications, and removing Skype logs.
+
+### Close applications
+Surface Hub closes all visible windows, including Win32 and Universal Windows Platform (UWP) applications. The application close stage uses the multitasking view to query the visible windows. Win32 windows that do not close within a certain timeframe are closed using **TerminateProcess**. 
+   
+### Delete browser history
+Surface Hub uses Delete Browser History (DBH) in Edge to clear Edge history and cached data. This is similar to how a user can clear out their browser history manually, but **I'm Done** also ensures that application states are cleared and data is removed before the next session, or meeting, starts. 
+ 
+### Reset applications
+**I'm Done** resets the state of each application that is installed on the Surface Hub. Resetting an application clears all background tasks, application data, notifications, and user consent dialogs. Applications are returned to their first-run state for the next people that use Surface Hub.  
+ 
+### Remove Skype logs
+Skype does not store personally-identifiable information on Surface Hub. Information is stored in the Skype service to meet existing Skype for Business guidance. Local Skype logging information is the only data removed when **I'm Done** is selected. This includes Unified Communications Client Platform (UCCP) logs and media logs.   
+
+## Operating System
+The operating system hosts a variety of information about the state of the sessions that needs to be cleared after each Surface Hub meeting. 
+### File System
+Meeting attendees have access to a limited set of directories on the Surface Hub. When **I'm Done** is selected, Surface Hub clears these directories:<br>
+- Music
+- Videos
+- Documents
+- Pictures
+- Downloads
+
+Surface Hub also clears these directories, since many applications often write to them:
+- Desktop
+- Favorites
+- Recent
+- Public Documents
+- Public Music
+- Public Videos
+- Public Downloads
+
+### Credentials
+User credentials that are stored in **TokenBroker**, **PasswordVault**, or **Credential Manager** are cleared when you tap I’m done.
+
+## User interface
+User interface (UI) settings are returned to their default values when **I'm Done** is selected. 
+
+### UI items
+- Reset Quick Actions to default state
+- Clear Toast notifications
+- Reset volume levels
+- Reset Cortana relaunch count
+- Reset sidebar width
+- Reset tablet mode layout
+
+### Accessibility
+Accessibility features and apps are returned to default settings when **I'm Done** is selected.
+- Filter keys
+- High contrast
+- Stickey keys
+- Toggle keys
+- Mouse keys
+- Magnifier
+- Narrator
+
+### Clipboard
+The clipboard is cleared to remove data that was copied to the clipboard during the session. 
+
+## Frequently asked questions
+**What happens if I forget to tap I'm Done at the end of a meeting, and someone else uses the Surface Hub later?**<br>
+When you don't tap **I"m Done** at the end of your meeting, Surface Hub enters a Resume state. This is similar to leaving content on a whiteboard in a meeting room, and forgetting to erase the whiteboard. When you return to the meeting room, that content will still be on the whiteboard unless someone erarses it. With Surface Hub, meeting content is still available if an attendee doesn't tap **I'm Done**. However, Surface Hub removes all meeting data during daily maintenance. Any meeting that wasn't ended with **I'm Done** will be cleaned up during maintenance. 
+
+**Are documents recoverable?**<br> 
+Removing files from the hard drive when **I'm Done** is selected is just like any other file deletion from a hard disk drive. 3rd-party software might be able to recover data from the hard disk drive, but file recovery is not a supported feature on Surface Hub. 
+
+**Do the clean-up actions from I'm Done comply with the US Department of Defense clearing and sanitizing standard: DoD 5220.22-M?**<br>
+No. Currently, the clean-up actions from **I'm Done** do not comply with this standard.  
+
+  
--- a/devices/surface/TOC.md
+++ b/devices/surface/TOC.md
@ -6,6 +6,7 @@
 ## [Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)
 ## [Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md)
 ## [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)
+## [Manage Surface UEFI settings](manage-surface-uefi-settings.md)
 ## [Surface Data Eraser](microsoft-surface-data-eraser.md)
 ## [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)
 ### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md)
--- a/devices/surface/advanced-uefi-security-features-for-surface.md
+++ b/devices/surface/advanced-uefi-security-features-for-surface.md
@ -2,11 +2,12 @@
 title: Advanced UEFI security features for Surface (Surface)
 description: This article describes how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices.
 ms.assetid: 90F790C0-E5FC-4482-AD71-60589E3C9C93
-keywords: ["Surface, Surface Pro 3, security, features, configure, hardware, device, custom, script, update"]
-ms.prod: W10
+keywords: security, features, configure, hardware, device, custom, script, update
+ms.prod: w10
 ms.mktglfcycl: manage
+ms.pagetype: surface, devices, security
 ms.sitesec: library
-author: heatherpoulsen
+author: miladCA
 ---

 # Advanced UEFI security features for Surface
@ -24,9 +25,7 @@ Before you can configure the advanced security features of your Surface device,
 ## Manually configure additional security settings


-**Note**  To enter firmware setup on a Surface device, begin with the device powered off, press and hold the **Volume Up** button, then press and release the **Power** button, then release the **Volume Up** button after the device has begun to boot.
-
- 
+>**Note:**&nbsp;&nbsp;To enter firmware setup on a Surface device, begin with the device powered off, press and hold the **Volume Up** button, then press and release the **Power** button, then release the **Volume Up** button after the device has begun to boot.

 After the v3.11.760.0 UEFI update is installed on a Surface device, an additional UEFI menu named **Advanced Device Security** becomes available. If you click this menu, the following options are displayed:

@ -57,9 +56,8 @@ As an IT professional with administrative privileges, you can automate the confi

 **Sample scripts**

-**Note**  The UEFI password used in the sample scripts below is presented in clear text. We strongly recommend saving the scripts in a protected location and running them in a controlled environment.
+>**Note**:&nbsp;&nbsp;The UEFI password used in the sample scripts below is presented in clear text. We strongly recommend saving the scripts in a protected location and running them in a controlled environment.

- 

 Show all configurable options:

--- a/devices/surface/customize-the-oobe-for-surface-deployments.md
+++ b/devices/surface/customize-the-oobe-for-surface-deployments.md
@ -2,35 +2,31 @@
 title: Customize the OOBE for Surface deployments (Surface)
 description: This article will walk you through the process of customizing the Surface out-of-box experience for end users in your organization.
 ms.assetid: F6910315-9FA9-4297-8FA8-2C284A4B1D87
-keywords: ["deploy, customize, automate, deployment, network, Pen, pair, boot"]
-ms.prod: W10
+keywords: deploy, customize, automate, network, Pen, pair, boot
+ms.prod: w10
 ms.mktglfcycl: deploy
+ms.pagetype: surface, devices
 ms.sitesec: library
-author: heatherpoulsen
+author: jobotto
 ---

 # Customize the OOBE for Surface deployments


-This article will walk you through the process of customizing the Surface out-of-box experience for end users in your organization.
+This article walks you through the process of customizing the Surface out-of-box experience for end users in your organization.

 It is common practice in a Windows deployment to customize the user experience for the first startup of deployed computers — the out-of-box experience, or OOBE.

-**Note**  
-OOBE is also often used to describe the phase, or configuration pass, of Windows setup during which the user experience is displayed. For more information about the OOBE phase of setup, see [How Configuration Passes Work](http://msdn.microsoft.com/library/windows/hardware/dn898581(v=vs.85).aspx).
-
- 
+>**Note:**&nbsp;&nbsp;OOBE is also often used to describe the phase, or configuration pass, of Windows setup during which the user experience is displayed. For more information about the OOBE phase of setup, see [How Configuration Passes Work](http://msdn.microsoft.com/library/windows/hardware/dn898581.aspx).

 In some scenarios, you may want to provide complete automation to ensure that at the end of a deployment, computers are ready for use without any interaction from the user. In other scenarios, you may want to leave key elements of the experience for users to perform necessary actions or select between important choices. For administrators deploying to Surface devices, each of these scenarios presents a unique challenge to overcome.

 This article provides a summary of the scenarios where a deployment might require additional steps. It also provides the required information to ensure that the desired experience is achieved on any newly deployed Surface device. This article is intended for administrators who are familiar with the deployment process, as well as concepts such as answer files and [reference images](http://go.microsoft.com/fwlink/p/?LinkID=618042).

-**Note**  
-Although the OOBE phase of setup is still run during a deployment with an automated deployment solution such as the [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkId=618117) or System Center Configuration Manager Operating System Deployment (OSD), it is automated by the settings supplied in the Deployment Wizard and task sequence. For more information see:
-
-   [Deploy Windows 10 with the Microsoft Deployment Toolkit](http://technet.microsoft.com/en-us/itpro/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit)
-
-   [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](http://technet.microsoft.com/en-us/itpro/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager)
+>**Note:**&nbsp;&nbsp;Although the OOBE phase of setup is still run during a deployment with an automated deployment solution such as the [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkId=618117) or System Center Configuration Manager Operating System Deployment (OSD), it is automated by the settings supplied in the Deployment Wizard and task sequence. For more information see:<br/>
+- [Deploy Windows 10 with the Microsoft Deployment Toolkit](http://technet.microsoft.com/en-us/itpro/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit)
+<br/>
+- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](http://technet.microsoft.com/en-us/itpro/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager)

  

@ -53,8 +49,7 @@ To provide the factory Surface Pen pairing experience in OOBE, you must copy fou
 -   %windir%\\system32\\oobe\\info\\default\\1033\\PenError\_en-US.png
 -   %windir%\\system32\\oobe\\info\\default\\1033\\PenSuccess\_en-US.png

-**Note**  
-You should copy the files from a factory image for the same model Surface device that you intend to deploy to. For example, you should use the files from a Surface Pro 3 to deploy to Surface Pro 3, and the files from Surface Book to deploy Surface Book, but you should not use the files from a Surface Pro 3 to deploy Surface Book or Surface Pro 4.
+>**Note:**&nbsp;&nbsp;You should copy the files from a factory image for the same model Surface device that you intend to deploy to. For example, you should use the files from a Surface Pro 3 to deploy to Surface Pro 3, and the files from Surface Book to deploy Surface Book, but you should not use the files from a Surface Pro 3 to deploy Surface Book or Surface Pro 4.

  

--- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
+++ b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
@ -2,11 +2,12 @@
 title: Download the latest firmware and drivers for Surface devices (Surface)
 description: This article provides a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.
 ms.assetid: 7662BF68-8BF7-43F7-81F5-3580A770294A
-keywords: ["update Surface, newest, latest, download, firmware, driver, tablet, hardware, device"]
-ms.prod: W10
+keywords: update Surface, newest, latest, download, firmware, driver, tablet, hardware, device
+ms.prod: w10
 ms.mktglfcycl: deploy
+ms.pagetype: surface, devices
 ms.sitesec: library
-author: heatherpoulsen
+author: jobotto
 ---

 # Download the latest firmware and drivers for Surface devices
@ -26,14 +27,12 @@ Driver and firmware updates for Surface devices are released in one of two ways:

 Installation files for administrative tools, drivers for accessories, and updates for Windows are also available for some devices and are detailed here in this article.

-**Note**  
-To simplify the process of locating drivers for your device, downloads for Surface devices have been reorganized to separate pages for each model. Bookmark the Microsoft Download Center page for your device from the links provided on this page. Many of the filenames contain a placeholder denoted with *xxxxxx*, which identifies the current version number or date of the file.
-
+>**Note:**&nbsp;&nbsp;To simplify the process of locating drivers for your device, downloads for Surface devices have been reorganized to separate pages for each model. Bookmark the Microsoft Download Center page for your device from the links provided on this page. Many of the filenames contain a placeholder denoted with *xxxxxx*, which identifies the current version number or date of the file.
  

 Recent additions to the downloads for Surface devices provide you with options to install Windows 10 on your Surface devices and update LTE devices with the latest Windows 10 drivers and firmware.

-**Note**  A battery charge of 40% or greater is required before you install firmware to a Surface device. See [Microsoft Support article KB2909710](http://go.microsoft.com/fwlink/p/?LinkId=618106) for more information.
+>**Note:**&nbsp;&nbsp;A battery charge of 40% or greater is required before you install firmware to a Surface device. See [Microsoft Support article KB2909710](http://go.microsoft.com/fwlink/p/?LinkId=618106) for more information.

  

--- a/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md
+++ b/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md
@ -2,11 +2,12 @@
 title: Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices (Surface)
 description: Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device.
 ms.assetid: A281EFA3-1552-467D-8A21-EB151E58856D
-keywords: ["network", "wireless", "device", "deploy", "authenticaion", "protocol"]
+keywords: network, wireless, device, deploy, authentication, protocol
 ms.prod: w10
 ms.mktglfcycl: deploy
+ms.pagetype: surface, devices
 ms.sitesec: library
-author: heatherpoulsen
+author: miladCA
 ---

 # Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices
--- a/devices/surface/ethernet-adapters-and-surface-device-deployment.md
+++ b/devices/surface/ethernet-adapters-and-surface-device-deployment.md
@ -2,11 +2,12 @@
 title: Ethernet adapters and Surface deployment (Surface)
 description: This article provides guidance and answers to help you perform a network deployment to Surface devices.
 ms.assetid: 5273C59E-6039-4E50-96B3-426BB38A64C0
-keywords: ["ethernet, deploy, removable, network, connectivity, boot, firmware, device, adapter, PXE boot, USB"]
-ms.prod: W10
+keywords: ethernet, deploy, removable, network, connectivity, boot, firmware, device, adapter, PXE boot, USB
+ms.prod: w10
 ms.mktglfcycl: deploy
+ms.pagetype: surface, devices
 ms.sitesec: library
-author: heatherpoulsen
+author: jobotto
 ---

 # Ethernet adapters and Surface deployment
@ -53,7 +54,7 @@ To boot a Surface device from an alternative boot device, follow these steps:
 3.  Press and release the **Power** button.
 4.  After the system begins to boot from the USB stick or Ethernet adapter, release the **Volume Down** button.

-**Note**  In addition to an Ethernet adapter, a keyboard must also be connected to the Surface device to enter the preinstallation environment and navigate the deployment wizard.
+>**Note:**&nbsp;&nbsp;In addition to an Ethernet adapter, a keyboard must also be connected to the Surface device to enter the preinstallation environment and navigate the deployment wizard.

  

--- a/devices/surface/images/manage-surface-uefi-fig2.png
+++ b/devices/surface/images/manage-surface-uefi-fig2.png
--- a/devices/surface/images/manage-surface-uefi-fig3.png
+++ b/devices/surface/images/manage-surface-uefi-fig3.png
--- a/devices/surface/images/manage-surface-uefi-fig4.png
+++ b/devices/surface/images/manage-surface-uefi-fig4.png
--- a/devices/surface/images/manage-surface-uefi-fig5.png
+++ b/devices/surface/images/manage-surface-uefi-fig5.png
--- a/devices/surface/images/manage-surface-uefi-fig6.png
+++ b/devices/surface/images/manage-surface-uefi-fig6.png
--- a/devices/surface/images/manage-surface-uefi-fig7.png
+++ b/devices/surface/images/manage-surface-uefi-fig7.png
--- a/devices/surface/images/manage-surface-uefi-fig8.png
+++ b/devices/surface/images/manage-surface-uefi-fig8.png
--- a/devices/surface/images/manage-surface-uefi-figure-1.png
+++ b/devices/surface/images/manage-surface-uefi-figure-1.png
--- a/devices/surface/index.md
+++ b/devices/surface/index.md
@ -2,8 +2,9 @@
 title: Surface (Surface)
 description: .
 ms.assetid: 2a6aec85-b8e2-4784-8dc1-194ed5126a04
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
+ms.pagetype: surface, devices
 ms.sitesec: library
 author: heatherpoulsen
 ---
@ -15,6 +16,9 @@ author: heatherpoulsen


 This library provides guidance to help you deploy Windows on Surface devices, keep those devices up to date, and easily manage and support Surface devices in your organization.
+
+For more information on planning for, deploying, and managing Surface devices in your organization, see the [Surface TechCenter](https://technet.microsoft.com/en-us/windows/surface).
+
 ## In this section


@ -32,15 +36,15 @@ This library provides guidance to help you deploy Windows on Surface devices, ke
 <tbody>
 <tr class="odd">
 <td><p>[Advanced UEFI security features for Surface](advanced-uefi-security-features-for-surface.md)</p></td>
-<td><p>This article describes how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices.</p></td>
+<td><p>Find out how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices.</p></td>
 </tr>
 <tr class="even">
 <td><p>[Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)</p></td>
-<td><p>This article will walk you through the process of customizing the Surface out-of-box experience for end users in your organization.</p></td>
+<td><p>Walk through the process of customizing the Surface out-of-box experience for end users in your organization.</p></td>
 </tr>
 <tr class="odd">
 <td><p>[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)</p></td>
-<td><p>This article provides a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.</p></td>
+<td><p>Get a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.</p></td>
 </tr>
 <tr class="even">
 <td><p>[Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md)</p></td>
@ -48,7 +52,7 @@ This library provides guidance to help you deploy Windows on Surface devices, ke
 </tr>
 <tr class="odd">
 <td><p>[Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)</p></td>
-<td><p>This article provides guidance and answers to help you perform a network deployment to Surface devices.</p></td>
+<td><p>Get guidance and answers to help you perform a network deployment to Surface devices.</p></td>
 </tr>
 <tr class="even">
 <td><p>[Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md)</p></td>
@ -56,23 +60,27 @@ This library provides guidance to help you deploy Windows on Surface devices, ke
 </tr>
 <tr class="odd">
 <td><p>[Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)</p></td>
-<td><p>This article describes the available options to manage firmware and driver updates for Surface devices.</p></td>
+<td><p>Explore the available options to manage firmware and driver updates for Surface devices.</p></td>
 </tr>
 <tr class="even">
+<td><p>[Manage Surface UEFI settings](manage-surface-uefi-settings.md)<p></td>
+<td><p>Use Surface UEFI settings to enable or disable devices, configure security settings, and adjust Surface device boot settings.</p></td>
+</tr>
+<tr class="odd">
 <td><p>[Surface Data Eraser](microsoft-surface-data-eraser.md)</p></td>
 <td><p>Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.</p></td>
 </tr>
-<tr class="odd">
-<td><p>[Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)</p></td>
-<td><p>Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices.</p></td>
-</tr>
 <tr class="even">
+<td><p>[Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)</p></td>
+<td><p>See how Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices.</p></td>
+</tr>
+<tr class="odd">
 <td><p>[Surface Diagnostic Toolkit](surface-diagnostic-toolkit.md)</p></td>
 <td><p>Find out how you can use the Microsoft Surface Diagnostic Toolkit to test the hardware of your Surface device.</p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td><p>[Surface Dock Updater](surface-dock-updater.md)</p></td>
-<td><p>This article provides a detailed walkthrough of Microsoft Surface Dock Updater.</p></td>
+<td><p>Get a detailed walkthrough of Microsoft Surface Dock Updater.</p></td>
 </tr>
 </tbody>
 </table>
--- a/devices/surface/manage-surface-dock-firmware-updates.md
+++ b/devices/surface/manage-surface-dock-firmware-updates.md
@ -2,10 +2,12 @@
 title: Manage Surface Dock firmware updates (Surface)
 description: Read about the different methods you can use to manage the process of Surface Dock firmware updates.
 ms.assetid: 86DFC0C0-C842-4CD1-A2D7-4425471FFE3F
-ms.prod: W10
+keywords: firmware, update, install, drivers
+ms.prod: w10
 ms.mktglfcycl: manage
+ms.pagetype: surface, devices
 ms.sitesec: library
-author: heatherpoulsen
+author: jobotto
 ---

 # Manage Surface Dock firmware updates
@ -13,16 +15,13 @@ author: heatherpoulsen

 Read about the different methods you can use to manage the process of Surface Dock firmware updates.

-The Surface Dock provides external connectivity to Surface devices through a single cable connection that includes Power, Ethernet, Audio, USB 3.0, and DisplayPort. The numerous connections provided by the Surface Dock are enabled by a smart chipset within the Surface Dock device. Like a Surface device’s chipset, the chipset that is built into the Surface Dock is controlled by firmware.
+The Surface Dock provides external connectivity to Surface devices through a single cable connection that includes Power, Ethernet, Audio, USB 3.0, and DisplayPort. The numerous connections provided by the Surface Dock are enabled by a smart chipset within the Surface Dock device. Like a Surface device’s chipset, the chipset that is built into the Surface Dock is controlled by firmware. For more information about the Surface Dock, see the [Surface Dock demonstration](https://technet.microsoft.com/en-us/mt697552) video.

 Like the firmware for Surface devices, firmware for Surface Dock is also contained within a downloaded driver that is visible in Device Manager. This driver stages the firmware update files on the Surface device. When a Surface Dock is connected and the driver is loaded, the newer version of the firmware staged by the driver is detected and firmware files are copied to the Surface Dock. The Surface Dock then begins a two-phase process to apply the firmware internally. Each phase requires the Surface Dock to be disconnected from the Surface device before the firmware is applied. The driver copies the firmware into the dock, but only applies it when the user disconnects the Surface device from the Surface Dock. This ensures that there are no disruptions because the firmware is only applied when the user leaves their desk with the device.

-**Note**  
-You can learn more about the firmware update process for Surface devices and how firmware is updated through driver installation at the following links:
-
-   [How to manage and update your drivers and firmware for Surface](http://go.microsoft.com/fwlink/p/?LinkId=785353) from Microsoft Mechanics
-
-   [Windows Update Makes Surface Better](http://go.microsoft.com/fwlink/p/?LinkId=785354)on the Microsoft Devices Blog
+>**Note:**&nbsp;&nbsp;You can learn more about the firmware update process for Surface devices and how firmware is updated through driver installation at the following links:<br/>
+- [How to manage and update Surface drivers and firmware](https://technet.microsoft.com/en-us/mt697551) from Microsoft Mechanics
+- [Windows Update Makes Surface Better](http://go.microsoft.com/fwlink/p/?LinkId=785354) on the Microsoft Devices Blog

  

@ -70,8 +69,7 @@ There are three methods you can use to update the firmware of the Surface Dock:

 Windows Update is the method that most users will use. The drivers for the Surface Dock are downloaded automatically from Windows Update and the dock update process is initiated without additional user interaction. The two-phase dock update process described earlier occurs in the background as the user connects and disconnects the Surface Dock during normal use.

-**Note**  
-The driver version that is displayed in Device Manager may be different from the firmware version that the Surface Dock is using.
+>**Note:**&nbsp;&nbsp;The driver version that is displayed in Device Manager may be different from the firmware version that the Surface Dock is using.

  

@ -82,10 +80,8 @@ This method is used mostly in environments where Surface device drivers and firm

 For more information about how to deploy MSI packages see [Create and deploy an application with System Center Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=785355).

-**Note**  
-When drivers are installed through Windows Update or the MSI package, registry keys are added that indicate the version of firmware installed on the Surface Dock and contained within the Surface Dock driver. These registry keys can be found in:
-
-**HLKM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\SurfaceDockFwUpdate\\Parameters**
+>**Note:**&nbsp;&nbsp;When drivers are installed through Windows Update or the MSI package, registry keys are added that indicate the version of firmware installed on the Surface Dock and contained within the Surface Dock driver. These registry keys can be found in:<br/><br/>
+  **HLKM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\SurfaceDockFwUpdate\\Parameters**

 Firmware status is displayed for both the main chipset (displayed as **Component10**) and the DisplayPort chipset (displayed as **Component20**). For each chipset there are four keys, where *xx* is **10** or **20** corresponding to each chipset:

@ -97,7 +93,7 @@ Firmware status is displayed for both the main chipset (displayed as **Component

 -   **Component*xx*FirmwareUpdateStatusRejectReason** – This key changes as the firmware update is processed. It should result in 0 after the successful installation of Surface Dock firmware.

-These registry keys are not present unless you have installed updated Surface Dock drivers through Windows Update or MSI deployment.
+>**Note:**&nbsp;&nbsp;These registry keys are not present unless you have installed updated Surface Dock drivers through Windows Update or MSI deployment.

  

--- a/devices/surface/manage-surface-pro-3-firmware-updates.md
+++ b/devices/surface/manage-surface-pro-3-firmware-updates.md
@ -2,11 +2,12 @@
 title: Manage Surface driver and firmware updates (Surface)
 description: This article describes the available options to manage firmware and driver updates for Surface devices.
 ms.assetid: CD1219BA-8EDE-4BC8-BEEF-99B50C211D73
-keywords: ["Surface, Surface Pro 3, firmware, update, device, manage, deploy, driver, USB"]
-ms.prod: W10
+keywords: Surface, Surface Pro 3, firmware, update, device, manage, deploy, driver, USB
+ms.prod: w10
 ms.mktglfcycl: manage
+ms.pagetype: surface, devices
 ms.sitesec: library
-author: heatherpoulsen
+author: jobotto
 ---

 # Manage Surface driver and firmware updates
--- a/devices/surface/manage-surface-uefi-settings.md
+++ b/devices/surface/manage-surface-uefi-settings.md
@ -0,0 +1,138 @@
+---
+title: Manage Surface UEFI settings (Surface)
+description: Use Surface UEFI settings to enable or disable devices or components, configure security settings, and adjust Surface device boot settings. 
+keywords: firmware, security, features, configure, hardware
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: devices, surface
+author: miladCA
+---
+
+#Manage Surface UEFI settings
+
+Current and future generations of Surface devices, including Surface Pro 4 and Surface Book, use a unique UEFI firmware engineered by Microsoft specifically for these devices. This firmware allows for significantly greater control of the device’s operation over firmware versions in earlier generation Surface devices, including the support for touch, mouse, and keyboard operation. By using the Surface UEFI settings you can easily enable or disable internal devices or components, configure security to protect UEFI settings from being changed, and adjust the Surface device boot settings. 
+
+>**Note:**&nbsp;&nbsp;Surface Pro 3, Surface 3, Surface Pro 2, Surface 2, Surface Pro, and Surface do not use the Surface UEFI and instead use firmware provided by third-party manufacturers, such as AMI.
+
+You can enter the Surface UEFI settings on your Surface device by pressing the **Volume Up** button and the **Power** button simultaneously. Hold the **Volume Up** button until the Surface logo is displayed, which indicates that the device has begun to boot. 
+
+##PC information 
+
+On the **PC information** page, detailed information about your Surface device is provided: 
+
+- **Model** – Your Surface device’s model will be displayed here, such as Surface Book or Surface Pro 4. The exact configuration of your device is not shown, (such as processor, disk size, or memory size). 
+- **UUID** – This Universally Unique Identification number is specific to your device and is used to identify the device during deployment or management. 
+
+- **Serial Number** – This number is used to identify this specific Surface device for asset tagging and support scenarios.
+- **Asset Tag** – The asset tag is assigned to the Surface device with the [Asset Tag Tool](https://www.microsoft.com/en-us/download/details.aspx?id=44076). 
+
+You will also find detailed information about the firmware of your Surface device. Surface devices have several internal components that each run different versions of firmware. The firmware version of each of the following devices is displayed on the **PC information** page (as shown in Figure 1): 
+
+- System UEFI 
+
+- SAM Controller 
+
+- Intel Management Engine 
+
+- System Embedded Controller 
+
+- Touch Firmware 
+
+*Figure 1. System information and firmware version information*
+
+![figure 1](images/manage-surface-uefi-figure-1.png)
+
+You can find up-to-date information about the latest firmware version for your Surface device in the [Surface Update History](https://www.microsoft.com/surface/en-us/support/install-update-activate/surface-update-history) for your device. 
+
+##Security 
+
+On the **Security** page of Surface UEFI settings, you can set a password to protect UEFI settings. This password must be entered when you boot the Surface device to UEFI. The password can contain the following characters (as shown in Figure 2): 
+
+- Uppercase letters: A-Z 
+
+- Lowercase letters: a-z 
+
+- Numbers: 1-0 
+
+- Special characters: !@#$%^&*()?<>{}[]-_=+|.,;:’`” 
+
+The password must be at least 6 characters and is case sensitive. 
+
+*Figure 2. Add a password to protect Surface UEFI settings*
+
+![figure 2](images/manage-surface-uefi-fig2.png)
+
+On the **Security** page you can also change the configuration of Secure Boot on your Surface device. Secure Boot technology prevents unauthorized boot code from booting on your Surface device, which protects against bootkit and rootkit-type malware infections. You can disable Secure Boot to allow your Surface device to boot third-party operating systems or bootable media. You can also configure Secure Boot to work with third-party certificates, as shown in Figure 3. Read more about [Secure Boot](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/secure-boot-overview) in the TechNet Library.
+
+*Figure 3. Configure Secure Boot* 
+
+![figure 3](images/manage-surface-uefi-fig3.png)
+
+You can also enable or disable the Trusted Platform Module (TPM) device on the **Security** page, as shown in Figure 4. The TPM is used to authenticate encryption for your device’s data with BitLocker. Read more about [BitLocker](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/bitlocker-overview) in the TechNet Library. 
+
+*Figure 4. Configure Surface UEFI security settings*
+
+![figure 4](images/manage-surface-uefi-fig4.png)
+
+##Devices 
+
+On the **Devices** page you can enable or disable specific devices and components of your Surface device. Devices that you can enable or disable on this page include: 
+
+- Docking and USB Ports 
+
+- MicroSD or SD Card Slot 
+
+- Rear Camera 
+
+- Front Camera 
+
+- Infrared (IR) Camera 
+
+- Wi-Fi and Bluetooth 
+
+- Onboard Audio (Speakers and Microphone) 
+
+Each device is listed with a slider button that you can move to **On** (enabled) or **Off** (disabled) position, as shown in Figure 5. 
+
+*Figure 5. Enable and disable specific devices*
+
+![figure 5](images/manage-surface-uefi-fig5.png)
+
+##Boot configuration 
+
+On the **Boot Configuration** page, you can change the order of your boot devices and/or enable or disable boot of the following devices: 
+
+- Windows Boot Manager 
+
+- USB Storage 
+
+- PXE Network 
+
+- Internal Storage 
+
+You can boot from a specific device immediately, or you can swipe left on that device’s entry in the list using the touchscreen. You can also boot immediately to a USB device or USB Ethernet adapter when the Surface device is powered off by pressing the **Volume Down** button and the **Power** button simultaneously. 
+
+For the specified boot order to take effect, you must set the **Enable Alternate Boot Sequence** option to **On**, as shown in Figure 6. 
+
+*Figure 6. Configure the boot order for your Surface device* 
+
+![figure 6](images/manage-surface-uefi-fig6.png)
+
+You can also turn on and off IPv6 support for PXE with the **Enable IPv6 for PXE Network Boot** option, for example when performing a Windows deployment using PXE where the PXE server is configured for IPv4 only.  
+
+##About 
+
+The **About** page displays regulatory information, such as compliance with FCC rules, as shown in Figure 7. 
+
+*Figure 7. Regulatory information is displayed on the About page*
+
+![figure 7](images/manage-surface-uefi-fig7.png)
+
+##Exit 
+
+Use the **Restart Now** button on the **Exit** page to exit UEFI settings, as shown in Figure 8. 
+
+*Figure 8. Click Restart Now to exit Surface UEFI and restart the device*
+
+![figure 8](images/manage-surface-uefi-fig8.png)
--- a/devices/surface/microsoft-surface-data-eraser.md
+++ b/devices/surface/microsoft-surface-data-eraser.md
@ -2,11 +2,12 @@
 title: Microsoft Surface Data Eraser (Surface)
 description: Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.
 ms.assetid: 8DD3F9FE-5458-4467-BE26-E9200341CF10
-keywords: ["tool", "USB", "data", "erase"]
-ms.prod: W10
+keywords: tool, USB, data, erase
+ms.prod: w10
 ms.mktglfcycl: manage
+ms.pagetype: surface, devices, security
 ms.sitesec: library
-author: heatherpoulsen
+author: miladCA
 ---

 # Microsoft Surface Data Eraser
@ -40,15 +41,10 @@ Some scenarios where Microsoft Surface Data Eraser can be helpful include:

 -   Standard practice when performing reimaging for devices used with sensitive data

-**Note**  
-Third-party devices, Surface devices running Windows RT (including Surface and Surface 2), and Surface Pro are not compatible with Microsoft Surface Data Eraser.
+>**Note:**&nbsp;&nbsp;Third-party devices, Surface devices running Windows RT (including Surface and Surface 2), and Surface Pro are not compatible with Microsoft Surface Data Eraser.

- 
+>**Note:**&nbsp;&nbsp;Because the ability to boot to USB is required to run Microsoft Surface Data Eraser, if the device is not configured to boot from USB or if the device is unable to boot or POST successfully, the Microsoft Surface Data Eraser tool will not function.

-**Note**  
-Because the ability to boot to USB is required to run Microsoft Surface Data Eraser, if the device is not configured to boot from USB or if the device is unable to boot or POST successfully, the Microsoft Surface Data Eraser tool will not function.
-
- 

 ## How to create a Microsoft Surface Data Eraser USB stick

@ -74,12 +70,8 @@ After the creation tool is installed, follow these steps to create a Microsoft S
    Figure 1. Start the Microsoft Surface Data Eraser tool

 4.  Select the USB drive of your choice from the **USB Thumb Drive Selection** page as shown in Figure 2, and then click **Start** to begin the USB creation process. The drive you select will be formatted and any existing data on this drive will be lost.
-
-    **Note**  
-    If the Start button is disabled, check that your removable drive has a total capacity of at least 4 GB.
-
-     
-
+  >**Note:**&nbsp;&nbsp;If the Start button is disabled, check that your removable drive has a total capacity of at least 4 GB.
+  
    ![figure 2](images/dataeraser-usb-selection.png)

    Figure 2. USB thumb drive selection
--- a/devices/surface/microsoft-surface-deployment-accelerator.md
+++ b/devices/surface/microsoft-surface-deployment-accelerator.md
@ -2,11 +2,12 @@
 title: Microsoft Surface Deployment Accelerator (Surface)
 description: Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices.
 ms.assetid: E7991E90-4AAE-44B6-8822-58BFDE3EADE4
-keywords: ["deploy", "install", "tool"]
-ms.prod: W10
+keywords: deploy, install, tool
+ms.prod: w10
 ms.mktglfcycl: deploy
+ms.pagetype: surface, devices
 ms.sitesec: library
-author: heatherpoulsen
+author: miladCA
 ---

 # Microsoft Surface Deployment Accelerator
@ -20,7 +21,7 @@ Microsoft Surface Deployment Accelerator is built on the powerful suite of deplo

 You can find more information about how to deploy to Surface devices, including step-by-step walkthroughs of customized deployment solution implementation, on the Deploy page of the [Surface TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=691693).

-### Download Microsoft Surface Deployment Accelerator
+**Download Microsoft Surface Deployment Accelerator**

 You can download the installation files for Microsoft Surface Deployment Accelerator from the Microsoft Download Center. To download the installation files:

@ -60,8 +61,7 @@ When the Microsoft Surface Deployment Accelerator completes, you can use the dep

 You can modify the task sequence in the MDT Deployment Workbench to [include your own apps](http://go.microsoft.com/fwlink/p/?linkid=691700), or to [pause the automated installation routine](http://go.microsoft.com/fwlink/p/?linkid=691701). While the installation is paused, you can make changes to customize your reference image. After the image is captured, you can configure a deployment task sequence and distribute this custom configuration by using the same network boot capabilities as before.

-**Note**  
-With Microsoft Surface Deployment Accelerator v1.9.0258, Surface Pro 3, Surface Pro 4, and Surface Book are supported for Windows 10 deployment, and Surface Pro 3 is supported for Windows 8.1 deployment.
+>**Note:**&nbsp;&nbsp;With Microsoft Surface Deployment Accelerator v1.9.0258, Surface Pro 3, Surface Pro 4, and Surface Book are supported for Windows 10 deployment, and Surface Pro 3 is supported for Windows 8.1 deployment.

  

@ -76,8 +76,7 @@ Figure 2. Specify a local source for Surface driver and app files

 You can find a full list of available driver downloads at [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)

-**Note**  
-Downloaded files do not need to be extracted. The downloaded files can be left as .zip files as long as they are stored in one folder.
+>**Note:**&nbsp;&nbsp;Downloaded files do not need to be extracted. The downloaded files can be left as .zip files as long as they are stored in one folder.

  

--- a/devices/surface/step-by-step-surface-deployment-accelerator.md
+++ b/devices/surface/step-by-step-surface-deployment-accelerator.md
@ -2,11 +2,12 @@
 title: Step by step Surface Deployment Accelerator (Surface)
 description: This article shows you how to install Microsoft Surface Deployment Accelerator (SDA), configure a deployment share for the deployment of Windows to Surface devices, and perform a deployment to Surface devices.
 ms.assetid: A944FB9C-4D81-4868-AFF6-B9D1F5CF1032
-keywords: ["deploy, configure"]
-ms.prod: W10
+keywords: deploy, configure
+ms.prod: w10
 ms.mktglfcycl: deploy
+ms.pagetype: surface, devices
 ms.sitesec: library
-author: heatherpoulsen
+author: miladCA
 ---

 # Step by step: Surface Deployment Accelerator
@ -37,8 +38,7 @@ The tool installs in the Surface Deployment Accelerator program group, as shown

 Figure 2. The Surface Deployment Accelerator program group and icon

-**Note**  
-At this point the tool has not yet prepared any deployment environment or downloaded any materials from the Internet.
+>**Note:**&nbsp;&nbsp;At this point the tool has not yet prepared any deployment environment or downloaded any materials from the Internet.

  

@ -47,8 +47,7 @@ At this point the tool has not yet prepared any deployment environment or downlo

 The following steps show how you create a deployment share for Windows 10 that supports Surface Pro 3, Surface Pro 4, Surface Book, the Surface Firmware Tool, and the Surface Asset Tag Tool. As you follow the steps below, make the selections that are applicable for your organization. For example, you could choose to deploy Windows 10 to Surface Book only, without any of the Surface apps.

-**Note**  
-SDA lets you create deployment shares for both Windows 8.1 and Windows 10 deployments, but you can only create a single deployment share at a time. Therefore, to create both Windows 8.1 and Windows 10 deployment shares, you will need to run the tool twice.
+>**Note:**&nbsp;&nbsp;SDA lets you create deployment shares for both Windows 8.1 and Windows 10 deployments, but you can only create a single deployment share at a time. Therefore, to create both Windows 8.1 and Windows 10 deployment shares, you will need to run the tool twice.

  

@ -116,8 +115,7 @@ SDA lets you create deployment shares for both Windows 8.1 and Windows 10 depl

 If you are unable to connect to the Internet with your deployment server, or if you want to download the Surface drivers and apps separately, you can specify a local source for the driver an app files at the time of deployment share creation. On the **Configure** page of the SDA wizard, select the **Copy from a Local Directory** check box, as shown in Figure 6. The **Download from the Internet** check box will be automatically deselected. Enter the folder location where you have placed the driver and app files in the **Local Path** field, as shown in Figure 6.

-**Note**  
-All of the downloaded driver and applications files must be located in the same folder. The driver and app files do not need to be extracted from the downloaded .zip files.
+>**Note:**&nbsp;&nbsp;All of the downloaded driver and applications files must be located in the same folder. The driver and app files do not need to be extracted from the downloaded .zip files.

  

@ -125,8 +123,7 @@ All of the downloaded driver and applications files must be located in the same

 Figure 6. Specify the Surface driver and app files from a local path

-**Note**  
-The **Copy from a Local Directory** check box is only available in SDA version 1.90.0221 or later.
+>**Note:**&nbsp;&nbsp;The **Copy from a Local Directory** check box is only available in SDA version 1.90.0221 or later.

  

@ -134,8 +131,7 @@ The **Copy from a Local Directory** check box is only available in SDA version 1

 You can use USB media to perform an SDA deployment if your Surface device is unable to boot from the network. For example, if you do not have a Microsoft Surface Ethernet Adapter or Microsoft Surface dock to facilitate network boot (PXE boot). The USB drive produced by following these steps includes a complete copy of the SDA deployment share and can be run on a Surface device without a network connection.

-**Note**  
-The offline media files for the complete SDA deployment share are approximately 9 GB in size. Your USB drive must be at least 9 GB in size. A 16 GB USB drive is recommended.
+>**Note:**&nbsp;&nbsp;The offline media files for the complete SDA deployment share are approximately 9 GB in size. Your USB drive must be at least 9 GB in size. A 16 GB USB drive is recommended.

  

@ -149,8 +145,7 @@ Before you can create bootable media files within the MDT Deployment Workbench o

 4.  **clean** – Removes all configuration from your USB drive.

-    **Warning**  
-    This step will remove all information from your drive. Verify that your USB drive does not contain any needed data before you perform the **clean** command.
+    >**Warning:**&nbsp;&nbsp;This step will remove all information from your drive. Verify that your USB drive does not contain any needed data before you perform the **clean** command.

     

@ -168,8 +163,7 @@ Before you can create bootable media files within the MDT Deployment Workbench o

    Figure 7. Use DiskPart to prepare a USB drive for boot

-    **Note**  
-    You can format your USB drive with FAT32 from Disk Management, but you must still use DiskPart to set the partition as active for the drive to boot properly.
+    >**Note:**&nbsp;&nbsp;You can format your USB drive with FAT32 from Disk Management, but you must still use DiskPart to set the partition as active for the drive to boot properly.

     

@ -276,8 +270,7 @@ When you run the task sequence, you will be prompted to provide the following in

 -   A product key, if one is required

-    **Note**  
-    If you are deploying the same version of Windows as the version that came on your device, no product key is required.
+    >**Note:**&nbsp;&nbsp;If you are deploying the same version of Windows as the version that came on your device, no product key is required.

     

@ -293,8 +286,7 @@ The **2 – Create Windows Reference Image** task sequence is used to perform a

 Like the **1 – Deploy Microsoft Surface** task sequence, the **2 – Create Windows Reference Image** task sequence performs a deployment of the unaltered Windows image directly from the installation media. Creation of a reference image should always be performed on a virtual machine. Using a virtual machine as your reference system helps to ensure that the resulting image is compatible with different hardware configurations.

-**Note**  
-Using a virtual machine when you create a reference image for Windows deployment is a recommended practice for performing Windows deployments with Microsoft deployment tools including the Microsoft Deployment Toolkit and System Center Configuration Manager. These Microsoft deployment technologies use the hardware agnostic images produced from a virtual machine and a collection of managed drivers to deploy to different configurations of hardware. For more information see [Deploy a Windows 10 image using MDT 2013 Update 1](http://technet.microsoft.com/en-us/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt).
+>**Note:**&nbsp;&nbsp;Using a virtual machine when you create a reference image for Windows deployment is a recommended practice for performing Windows deployments with Microsoft deployment tools including the Microsoft Deployment Toolkit and System Center Configuration Manager. These Microsoft deployment technologies use the hardware agnostic images produced from a virtual machine and a collection of managed drivers to deploy to different configurations of hardware. For more information see [Deploy a Windows 10 image using MDT 2013 Update 1](http://technet.microsoft.com/en-us/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt).

  

--- a/devices/surface/surface-diagnostic-toolkit.md
+++ b/devices/surface/surface-diagnostic-toolkit.md
@ -2,11 +2,12 @@
 title: Microsoft Surface Diagnostic Toolkit (Surface)
 description: Find out how you can use the Microsoft Surface Diagnostic Toolkit to test the hardware of your Surface device.
 ms.assetid: FC4C3E76-3613-4A84-A384-85FE8809BEF1
-keywords: ["hardware, device, tool, test, component"]
-ms.prod: W8
+keywords: hardware, device, tool, test, component
+ms.prod: w10
 ms.mktglfcycl: manage
+ms.pagetype: surface, devices
 ms.sitesec: library
-author: heatherpoulsen
+author: miladCA
 ---

 # Microsoft Surface Diagnostic Toolkit
@ -16,346 +17,285 @@ Find out how you can use the Microsoft Surface Diagnostic Toolkit to test the ha

 The [Microsoft Surface Diagnostic Toolkit](http://go.microsoft.com/fwlink/p/?LinkId=618121) is a small, portable diagnostic tool that runs through a suite of tests to diagnose the hardware of Surface devices. The Microsoft Surface Diagnostic Toolkit executable file is less than 3 MB, which allows it to be distributed through email. It does not require installation, so it can be run directly from a USB stick or over the network. The Microsoft Surface Diagnostic Toolkit walks you through several tests of individual components including the touchscreen, cameras, and sensors.

-**Note**  
-A Surface device must boot into Windows to run the Microsoft Surface Diagnostic Toolkit. The Microsoft Surface Diagnostic Toolkit will run only on the following Surface devices:
+>**Note:**&nbsp;&nbsp;A Surface device must boot into Windows to run the Microsoft Surface Diagnostic Toolkit. The Microsoft Surface Diagnostic Toolkit will run only on the following Surface devices:

-   Surface Book
+- Surface Book

-   Surface Pro 4
+- Surface Pro 4

-   Surface 3 LTE
+- Surface 3 LTE

-   Surface 3
+- Surface 3

-   Surface Pro 3
+- Surface Pro 3

-   Surface Pro 2
+- Surface Pro 2

-   Surface Pro
+- Surface Pro

- 
-
-**Note**  
-Security software and built-in security measures in many email applications and services will block executable files that are transferred through email. To email the Surface Diagnostic Toolkit, attach the .zip archive file as downloaded from the Surface Tools for IT page without extracting it first. You can also create a custom .zip archive that contains the .exe file. (For example, if you want to localize the text as described in the [Localization](#localization) section of this article.)
-
- 
+>**Note:**&nbsp;&nbsp;Security software and built-in security measures in many email applications and services will block executable files that are transferred through email. To email the Surface Diagnostic Toolkit, attach the .zip archive file as downloaded from the Surface Tools for IT page without extracting it first. You can also create a custom .zip archive that contains the .exe file. (For example, if you want to localize the text as described in the [Localization](#localization) section of this article.)

 Running the Microsoft Surface Diagnostic Toolkit is a hands-on activity. The test sequence includes several tests that require you to perform actions or observe the outcome of the test, and then click the applicable **Pass** or **Fail** button. Some tests require connectivity to external devices, like an external display. Other tests use the built in Windows troubleshooters. At the end of testing, a visual report of the test results is displayed and you are given the option to save a log file or copy the results to the clipboard.

 To run a full set of tests with the Microsoft Surface Diagnostic Toolkit, you should be prepared with the following items:

-   An external display with the appropriate HDMI or DisplayPort connection
+- An external display with the appropriate HDMI or DisplayPort connection

-   A Bluetooth device that can be put into pairing mode
+- A Bluetooth device that can be put into pairing mode

-   A MicroSD or SD card that is compatible with your Surface device
+- A MicroSD or SD card that is compatible with your Surface device

-   A Surface Pen
+- A Surface Pen

-   Room to move the Surface device around
+- Room to move the Surface device around

-   External speakers or headphones
+- External speakers or headphones

-**Note**  
-The Microsoft Surface Diagnostic Toolkit tests verify only the hardware of a Surface device and do not test or resolve issues with the operating system or software.
+>**Note:**&nbsp;&nbsp;The Microsoft Surface Diagnostic Toolkit tests verify only the hardware of a Surface device and do not test or resolve issues with the operating system or software.

  

-## <a href="" id="the-tests--"></a>The tests
+## The tests


 The Microsoft Surface Diagnostic Toolkit runs several individual tests on a Surface device. Not all tests are applicable to every device. For example, the Home button test is not applicable to Surface Pro 4 where there is no Home button. You can specify which tests to run, or you can choose to run all tests. For tests that require external devices (such as testing output to an external display) but you do not have the required external device at the time of the test, you are given the option to skip the test. If a test fails, you are prompted to continue or stop testing at that time.

-### Windows Update
+#### Windows Update

 This test checks for any outstanding Windows updates and will prompt you to install those updates before you proceed to other tests. It is important to keep a Surface device up to date with the latest Windows updates, including drivers and firmware for the Surface device. The success of some of the tests that are performed later in the task sequence depend on these updated drivers and firmware. You will be prompted to restart the device if required by Windows Update. If you must restart the device, you will need to start the Microsoft Surface Diagnostic Toolkit again.

-### <a href="" id="device-information--"></a>Device information
+#### Device information

 This test reads the Device ID and serial number in addition to basic system information such as device model, operating system version, processor, memory, and storage. The Device ID is recorded in the name of the log file and can be used to identify a log file for a specific device. Several system log files are also collected, including update and rollback logs, and output from several Windows built-in tools, such as [DirectX Diagnostics](http://go.microsoft.com/fwlink/p/?LinkId=746476) and [System Information](http://go.microsoft.com/fwlink/p/?LinkId=746477), power configuration, disk health, and event logs. See the following list for a full set of collected log files:

-   Output of **Get-WindowsUpdateLog** if the operating system is Windows 10
+- Output of **Get-WindowsUpdateLog** if the operating system is Windows 10

-   **%windir%\\Logs**
+- **%windir%\\Logs**

-   **%windir%\\Panther**
+- **%windir%\\Panther**

-   **%windir%\\System32\\sysprep\\Panther**
+- **%windir%\\System32\\sysprep\\Panther**

-   **%windir%\\System32\\WinEvt\\Logs**
+- **%windir%\\System32\\WinEvt\\Logs**

-   **$windows.~bt\\Sources\\Panther**
+- **$windows.~bt\\Sources\\Panther**

-   **$windows.~bt\\Sources\\Rollback**
+- **$windows.~bt\\Sources\\Rollback**

-   **%windir%\\System32\\WinEvt\\Logs**
+- **%windir%\\System32\\WinEvt\\Logs**

-   Output of **dxdiag.exe /t**
+- Output of **dxdiag.exe /t**

-   Output of **msinfo32.exe /report**
+- Output of **msinfo32.exe /report**

-   Output of **powercfg.exe /batteryreport**
+- Output of **powercfg.exe /batteryreport**

-   Output of **powercfg.exe /sleepstudy**
+- Output of **powercfg.exe /sleepstudy**

-   Output of **wevtutil.exe epl System**
+- Output of **wevtutil.exe epl System**

-   Events from:
+- Events from:

-    -   **Chkdsk**
+    - **Chkdsk**

-    -   **Microsoft-Windows-Ntfs**
+    - **Microsoft-Windows-Ntfs**

-    -   **Microsoft-Windows-WER-SystemErrorReporting**
+    - **Microsoft-Windows-WER-SystemErrorReporting**

-    -   **Microsoft-Windows-Startuprepair**
+    - **Microsoft-Windows-Startuprepair**

-    -   **Microsoft-Windows-kernel-Power**
+    - **Microsoft-Windows-kernel-Power**

-   Output of **powercfg.exe /q**
+- Output of **powercfg.exe /q**

-   Output of **powercfg.exe /qh**
+- Output of **powercfg.exe /qh**

-   **%windir%\\Inf\\SetupApi\*.log**
+- **%windir%\\Inf\\SetupApi\*.log**

 These files and logs are stored in a .zip file saved by the Microsoft Surface Diagnostic Toolkit when all selected tests have completed alongside the Microsoft Surface Diagnostic Toolkit log file.

-### <a href="" id="type-cover--test"></a>Type Cover test
+#### Type Cover test

-**Note**  
-A Surface Type Cover is required for this test.
+>**Note:**&nbsp;&nbsp;A Surface Type Cover is required for this test.

- 

 If a Surface Type Cover is not detected, the test prompts you to connect the Type Cover. When a Type Cover is detected the test prompts you to use the keyboard and touchpad. The cursor should move while you swipe the touchpad, and the keyboard Windows key should bring up the Start menu or Start screen to successfully pass this test. You can skip this test if a Type Cover is not used with the Surface device.

-### Integrated keyboard test
+#### Integrated keyboard test

-**Note**  
-This test is only applicable to Surface Book and requires that the Surface Book be docked to the keyboard.
-
- 
+>**Note:**&nbsp;&nbsp;This test is only applicable to Surface Book and requires that the Surface Book be docked to the keyboard.

 This test is essentially the same as the Type Cover test, except the integrated keyboard in the Surface Book base is tested rather than the Type Cover. Move the cursor and use the Windows key to bring up the Start menu to confirm that the touchpad and keyboard are operating successfully. This test will display the status of cursor movement and keyboard input for you to verify. Press **ESC** to complete the test.

-### Canvas mode battery test
+#### Canvas mode battery test

-**Note**  
-This test is only applicable to Surface Book.
-
- 
+>**Note:**&nbsp;&nbsp;This test is only applicable to Surface Book.

 Depending on which mode Surface Book is in, different batteries are used to power the device. When Surface Book is in clipboard mode (detached form the keyboard) it uses an internal battery, and when it is connected in either laptop mode or canvas mode it uses different connections to the battery in the keyboard. In canvas mode, the screen is connected to the keyboard so that when the device is closed, the screen remains face-up and visible. Connect the Surface Book to the keyboard in this manner for the test to automatically proceed.

-### Clipboard mode battery test
+#### Clipboard mode battery test

-**Note**  
-This test is only applicable to Surface Book.
-
- 
+>**Note:**&nbsp;&nbsp;This test is only applicable to Surface Book.

 Disconnect the Surface Book from the keyboard to work in clipboard mode. In clipboard mode the Surface Book operates from an internal battery that is tested when the Surface Book is disconnected from the keyboard. Disconnecting the Surface Book from the keyboard will also disconnect the Surface Book from power and will automatically begin this test.

-### Laptop mode battery test
+#### Laptop mode battery test

-**Note**  
-This test is only applicable to Surface Book.
-
- 
+>**Note:**&nbsp;&nbsp;This test is only applicable to Surface Book.

 Connect the Surface Book to the keyboard in the opposite fashion to canvas mode in laptop mode. In laptop mode the screen will face you when the device is open and the device can be used in the same way as any other laptop. Disconnect AC Power from the laptop base when prompted for this test to check the battery status.

-### <a href="" id="battery--test"></a>Battery test
+#### Battery test

 In this test the battery is discharged for a few seconds and tested for health and estimated runtime. You are prompted to disconnect the power adapter and then to reconnect the power adapter when the test is complete.

-### Discrete graphics (dGPU) test
+#### Discrete graphics (dGPU) test

-**Note**  
-This test is only applicable to Surface Book models with a discrete graphics processor.
-
- 
+>**Note:**&nbsp;&nbsp;This test is only applicable to Surface Book models with a discrete graphics processor.

 This test will query the device information of current hardware to check for the presence of both the Intel integrated graphics processor in the Surface Book and the NVIDIA discrete graphics processor in the Surface Book keyboard. The keyboard must be attached for this test to function.

-### Discrete graphics (dGPU) fan test
+#### Discrete graphics (dGPU) fan test

-**Note**  
-This test is only applicable to Surface Book models with a discrete graphics processor.
-
- 
+>**Note:**&nbsp;&nbsp;This test is only applicable to Surface Book models with a discrete graphics processor.

 The discrete graphics processor in the Surface Book includes a separate cooling fan. The fan is turned on automatically by the test for 5 seconds. Listen for the sound of the fan in the keyboard and report if the fan is working correctly when prompted.

-### Muscle wire test
+#### Muscle wire test

-**Note**  
-This test is only applicable to Surface Book.
-
- 
+>**Note:**&nbsp;&nbsp;This test is only applicable to Surface Book.

 To disconnect the Surface Book from the keyboard, software must instruct the muscle wire latch mechanism to open. This is typically accomplished by pressing and holding the undock key on the keyboard. This test sends the same signal to the latch, which unlocks the Surface Book from the Surface Book keyboard. Remove the Surface Book from the keyboard when you are prompted to do so.

-### Dead pixel and display artifacts tests
+#### Dead pixel and display artifacts tests

-**Note**  
-Before you run this test, be sure to clean the screen of dust or smudges.
-
- 
+>**Note:**&nbsp;&nbsp;Before you run this test, be sure to clean the screen of dust or smudges.

 This test prompts you to view the display in search of malfunctioning pixels. The test displays full-screen, single-color images including black, white, red, green, and blue. Pixels that remain bright or dark when the screen displays an image of a different color indicate a failed test. You should also look for distortion or variance in the color of the screen.

-### <a href="" id="digitizer-edges--"></a>Digitizer edges
+#### Digitizer edges

 The touchscreen of a Surface device should detect when a user swipes in from the left or right side of the screen. This test prompts you to swipe in from the edges of the screen to bring up the Action Center and Task View. Both Action Center and Task View should launch to pass this test.

-### <a href="" id="digitizer-pinch--"></a>Digitizer pinch
+#### Digitizer pinch

 The pinch gesture (when you bring two fingers closer together or farther apart) is used to manipulate zoom and to position content through the touchscreen. This test displays an image in Windows Picture Viewer and prompts you to zoom in, move, and zoom out of the picture. The picture should zoom in, move, and zoom out as the gestures are performed.

-### <a href="" id="digitizer-touch--"></a>Digitizer touch
+#### Digitizer touch

 The Surface touchscreen should detect input across the entire screen of the device equally. To perform this test a series of lines are displayed on the screen for you to trace with a finger in search of unresponsive areas. The lines traced across the screen should appear continuous for the length of the line as drawn with your finger.

-### <a href="" id="digitizer-pen--test"></a>Digitizer pen test
+#### Digitizer pen test

-**Note**  
-A Microsoft Surface Pen is required for this test.
-
- 
+>**Note:**&nbsp;&nbsp;A Microsoft Surface Pen is required for this test.

 This test displays the same lines as those that are displayed during the Digitizer Touch test, but your input is performed with a Surface Pen instead of your finger. The lines should remain unbroken for as long as the Pen is pressed to the screen. Trace all of the lines in the image to look for unresponsive areas across the entire screen of the Surface device.

-### <a href="" id="digitizer-multi-touch--"></a>Digitizer multi touch
+#### Digitizer multi touch

 The Surface touchscreen is capable of detecting 10 fingers simultaneously. Place all of your fingers on the screen simultaneously to perform this test. The screen will show the number of points detected, which should match the number of fingers you have on the screen.

-### <a href="" id="home-button-test--"></a>Home button test
+#### Home button test

 The Home button or Windows button on your Surface device is used to bring up the Start screen or Start menu. This test is successful if the Start screen or Start menu is displayed when the Windows button is pressed. This test is not displayed on Surface Pro 4 because no Windows button exists.

-### <a href="" id="volume-rocker--test"></a>Volume rocker test
+#### Volume rocker test

 This test prompts you to use the volume rocker to turn the volume all the way up, all the way down, and then all the way up again. To pass this test, the volume slider should move up and down as the rocker is pressed.

-### <a href="" id="micro-sd-or-sd--slot-test--"></a>Micro SD or SD slot test
+#### Micro SD or SD slot test

-**Note**  
-This test requires a micro SD or SD card that is compatible with the slot in your Surface device.
-
- 
+>**Note:**&nbsp;&nbsp;This test requires a micro SD or SD card that is compatible with the slot in your Surface device.

 Insert a micro SD or SD card when you are prompted. When the SD card is detected, the test prompts you to remove the SD card to ensure that the card is not left in the device. During this test a small file is written to the SD card and then verified. Detection and verification of the SD card automatically passes this test without additional input.

-### <a href="" id="microphone--test"></a>Microphone test
+#### Microphone test

 This test displays the **Recording** tab of the Sound item in Control Panel. The test prompts you to monitor the meter that is displayed next to the **Microphone Array** recording device. A recommended test is to speak and watch for your speech to be detected in the meter. If the meter moves when you speak, the microphone is working correctly. For Surface Book you will be prompted to tap locations near the microphones. This tapping should produce noticeable spikes in the audio meter.

-### <a href="" id="video-out--test"></a>Video out test
+#### Video out test

-**Note**  
-This test requires an external display with the applicable connection for your Surface device.
-
- 
+>**Note:**&nbsp;&nbsp;This test requires an external display with the applicable connection for your Surface device.

 Surface devices provide a Mini DisplayPort connection for connecting to an external display. Connect your display through the Mini DisplayPort on the device when prompted. The display should be detected automatically and an image should appear on the external display.

-### <a href="" id="bluetooth--test"></a>Bluetooth test
+#### Bluetooth test

-**Note**  
-This test requires a Bluetooth device. The device must be set to pairing mode or made discoverable to perform this test.
-
- 
+>**Note:**&nbsp;&nbsp;This test requires a Bluetooth device. The device must be set to pairing mode or made discoverable to perform this test.

 After you receive a prompt to put the device in pairing mode, the test opens the **Add a device** window and begins to search for discoverable Bluetooth devices. Watch the **Add a device** window to verify that your Bluetooth device is detected. Select your Bluetooth device from the list and connect to the device to complete the test.

-### <a href="" id="camera-test--"></a>Camera test
+#### Camera test

 Use this test to verify that the cameras on your Surface device are operating properly. Images will be displayed from both the front and rear cameras, and the infrared camera on a Surface Pro 4. Continuous autofocus can be enabled on the rear camera. Move the device closer and farther away from an object to verify the operation of continuous autofocus.

-### <a href="" id="speaker-test--"></a>Speaker test
+#### Speaker test

-**Note**  
-Headphones or external speakers are required to test the headphone jack in this test.
-
- 
+>**Note:**&nbsp;&nbsp;Headphones or external speakers are required to test the headphone jack in this test.

 This test plays audio over left and right channels respectively, both for the internal speakers and for speakers or headphones connected to the headphone jack. Mark each channel as a pass or fail as you hear the audio play.

-### <a href="" id="network-test--"></a>Network test
+#### Network test

-**Note**  
-Connect the Surface device to a Wi-Fi network before you run this test. Connections that are made during the test are removed when the test is completed.
-
- 
+>**Note:**&nbsp;&nbsp;Connect the Surface device to a Wi-Fi network before you run this test. Connections that are made during the test are removed when the test is completed.

 This test uses the Windows Network Diagnostics built in troubleshooter to diagnose potential issues with network connectivity, including proxy configuration, DNS problems, and IP address conflicts. An event log is saved by this test in Windows logs and is visible in the Windows Event Viewer. The Event ID is 6100.

-### <a href="" id="power-test--"></a>Power test
+#### Power test

 Settings such as display brightness, the elapsed time until the screen sleeps, and the elapsed time until device sleeps, are checked against default values with the Power built-in troubleshooter. The troubleshooter will automatically correct settings that may prevent the device from conserving power or entering sleep mode.

-### <a href="" id="mobile-broadband-test--"></a>Mobile broadband test
+#### Mobile broadband test

 This test prompts you to enable mobile broadband and attempts to browse to http://www.bing.com. This test is only applicable to Surface devices that come equipped with mobile broadband, such as Surface 3 LTE.

-### Accelerometer test
+#### Accelerometer test

 The accelerometer detects lateral, longitudinal, and vertical movements of the Surface device. This test prompts you to pick up and move the Surface device forward and backward, to the left and to the right, and up and down, to test the sensor for directional movement. The test automatically passes when movement is detected.

-### <a href="" id="gyrometer-test--"></a>Gyrometer test
+#### Gyrometer test

 The gyrometer detects pitch, roll, and yaw movements. This test prompts you to pick up and rotate the Surface device to test the sensors for angular movement. The test automatically passes when movement is detected.

-### <a href="" id="compass-test--"></a>Compass test
+#### Compass test

 The compass detects which direction the Surface device is facing relative to north, south, east, and west. Turn the Surface device to face in different directions to test the sensor. The test automatically passes when a change in direction is detected.

-### <a href="" id="ambient-light-test--"></a>Ambient light test
+#### Ambient light test

 The ambient light sensor is used to automatically adjust screen brightness relative to the ambient lighting in the environment. Turn the device toward or away from a light source to cause the screen to dim or brighten in response increased or decreased light. The test automatically passes when the screen brightness automatically changes.

-### <a href="" id="device-orientation-test--"></a>Device orientation test
+#### Device orientation test

-**Note**  
-Before you run this test, disable rotation lock from the Action Center if enabled.
-
- 
+>**Note:**&nbsp;&nbsp;Before you run this test, disable rotation lock from the Action Center if enabled.

 The device orientation sensor determines what the angle of the Surface device is, relative to the ground. Rotate the display 90 degrees or 180 degrees to cause the screen orientation to switch between portrait and landscape mode. The test automatically passes when the screen orientation switches.

-### <a href="" id="brightness-test--"></a>Brightness test
+#### Brightness test

 This test cycles the screen through brightness levels from 0 percent to 100 percent, and then a message is displayed to confirm if the brightness level changed accordingly. You are then prompted to disconnect the power adapter. The screen should automatically dim when power is disconnected.

-### <a href="" id="system-assessment--"></a>System assessment
+#### System assessment

-**Note**  
-The Surface device must be connected to AC power before you can run this test.
-
- 
+>**Note:**&nbsp;&nbsp;The Surface device must be connected to AC power before you can run this test.

 The Windows System Assessment Tool (WinSAT) runs a series of benchmarks against the processor, memory, video adapter, and storage devices. The results include the processing speed of various algorithms, read and write performance of memory and storage, and performance in several Direct3D graphical tests.

-### Performance Monitor test
+#### Performance Monitor test

 Performance and diagnostic trace logs are recorded from Performance Monitor for 30 seconds and collected in the .zip file output of the Microsoft Surface Diagnostic Toolkit by this test. You can analyze these trace logs with the [Windows Performance Analyzer](http://go.microsoft.com/fwlink/p/?LinkId=746486) to identify causes of application crashes, performance issues, or other undesirable behavior in Windows.

-### Crash dump collection
+#### Crash dump collection

 If your Surface device has encountered an error that caused the device to fail or produce a blue screen error, this stage of the Microsoft Surface Diagnostic Toolkit records the information from the automatically recorded crash dump files in the diagnostic log. You can use these crash dump files to identify a faulty driver, hardware component, or application through analysis. Use the [Windows Debugging Tool](http://go.microsoft.com/fwlink/p/?LinkId=746488) to analyze these files. If you are not familiar with the analysis of crash dump files, you can describe your issue and post a link to your crash dump files (uploaded to OneDrive or another file sharing service) in the [Windows TechNet Forums](http://go.microsoft.com/fwlink/p/?LinkId=746489).

-## <a href="" id="command-line--"></a>Command line
-
+## Command line

 You can run the Microsoft Surface Diagnostic Toolkit from the command line or as part of a script. The tool supports the following arguments:

-**Note**  
-Many of the tests performed by the Microsoft Surface Diagnostic Toolkit require technician interaction. The Microsoft Surface Diagnostic Toolkit cannot run unattended.
+>**Note:**&nbsp;&nbsp;Many of the tests performed by the Microsoft Surface Diagnostic Toolkit require technician interaction. The Microsoft Surface Diagnostic Toolkit cannot run unattended.

- 
-
-### <a href="" id="exclude--"></a>exclude
+#### exclude

 Use this argument to exclude specific tests.

@ -449,7 +389,7 @@ See the following list for test names:

 -   WindowsUpdateCheckTest

-### forceplatformsupport
+#### forceplatformsupport

 Use this argument to force tests to run when the make and model of the device is not properly detected by Windows. Surface Diagnostic Toolkit is intended to run only on Surface devices.

@ -459,7 +399,7 @@ Example:
 Surface_Diagnostic_Toolkit_1.0.60.0.exe forceplatformsupport
 ```

-### include
+#### include

 Use this argument to include tests when you run Microsoft Surface Diagnostic Toolkit from the command line. Tests specified by the **Include** command will be run even if the test is not supported on the model of Surface device. In the following example, the Surface Book specific tests for the latch mechanism and discrete graphics will be run, even if the command is run on a Surface Pro 4 or other Surface model.

@ -469,7 +409,7 @@ Example:
 Surface_Diagnostic_Toolkit_1.0.60.0.exe “include=DualGraphicsTest,FanTest,MuscleWireTest”
 ```

-### <a href="" id="logpath--"></a>logpath
+#### logpath

 Use this argument to specify the path for the log file.

@ -506,8 +446,7 @@ By default, the Microsoft Surface Diagnostic Toolkit is available in English onl

 6.  Save the SurfaceDiagnosticTool\_v1.0.60.0.locale file.

-**Note**  
-The SurfaceDiganosticTool\_v1.0.60.0.locale file must be located in the same folder and have the same name other than the file extension as the Microsoft Surface Diagnostic Toolkit executable file to use the custom prompt text. The SurfaceDiganosticTool\_v1.0.60.0.locale is an .xml file and must use UTF-8 encoding.
+>**Note:**&nbsp;&nbsp;The SurfaceDiganosticTool\_v1.0.60.0.locale file must be located in the same folder and have the same name other than the file extension as the Microsoft Surface Diagnostic Toolkit executable file to use the custom prompt text. The SurfaceDiganosticTool\_v1.0.60.0.locale is an .xml file and must use UTF-8 encoding.

  

--- a/devices/surface/surface-dock-updater.md
+++ b/devices/surface/surface-dock-updater.md
@ -2,10 +2,12 @@
 title: Microsoft Surface Dock Updater (Surface)
 description: This article provides a detailed walkthrough of Microsoft Surface Dock Updater.
 ms.assetid: 1FEFF277-F7D1-4CB4-8898-FDFE8CBE1D5C
-ms.prod: W10
+keywords: install, update, firmware
+ms.prod: w10
 ms.mktglfcycl: manage
+ms.pagetype: surface, devices
 ms.sitesec: library
-author: heatherpoulsen
+author: jobotto
 ---

 # Microsoft Surface Dock Updater
@ -17,8 +19,7 @@ The [Microsoft Surface Dock Updater](http://go.microsoft.com/fwlink/p/?LinkId=61

 When you run the Microsoft Surface Dock Updater installer you will be prompted to accept an End User License Agreement (EULA).

-**Note**  
-Updating Surface Dock firmware requires connectivity to the Surface Dock, available only on Surface Pro 3, Surface Pro 4, and Surface Book devices. A Surface Pro 3, Surface Pro 4, or Surface Book is required to successfully install Microsoft Surface Dock Updater.
+>**Note:**&nbsp;&nbsp;Updating Surface Dock firmware requires connectivity to the Surface Dock, available only on Surface Pro 3, Surface Pro 4, and Surface Book devices. A Surface Pro 3, Surface Pro 4, or Surface Book is required to successfully install Microsoft Surface Dock Updater.

 ## Update a Surface Dock with Microsoft Surface Dock Updater

@ -73,8 +74,7 @@ To update a Surface Dock with Microsoft Surface Dock Updater, follow these steps

 9.  If you want to update multiple Surface Docks in one sitting, you can click the **Update another Surface Dock** button to begin the process on the next Surface Dock.

-    **Note**  
-    The LED in the Ethernet port of the dock will blink while the update is in progress. Please wait until the LED stops blinking before you unplug your Surface Dock from power.
+    >**Note:**&nbsp;&nbsp;The LED in the Ethernet port of the dock will blink while the update is in progress. Please wait until the LED stops blinking before you unplug your Surface Dock from power.

     

@ -96,11 +96,12 @@ Microsoft Surface Dock Updater logs its progress into the Event Log, as shown in
 | 12102    | Event in the DisplayPort chipset firmware update process |
 | 12105    | Error                                                    |

- 
-![figure 8](images/surfacedockupdater-fig8-737test.png)

 Figure 8. Surface Dock Updater events in Event Viewer

+![figure 8](images/surfacedockupdater-fig8-737test.png)
+
+
 ## Related topics


--- a/education/windows/TOC.md
+++ b/education/windows/TOC.md
@ -0,0 +1,10 @@
+# [Windows 10 for education](index.md)
+## [Change history for Windows 10 for Education](change-history-edu.md)
+## [Use the Set up School PCs app (Preview)](use-set-up-school-pcs-app.md)
+## [Technical reference for the Set up School PCs app (Preview)](set-up-school-pcs-technical.md)
+## [Take tests in Windows 10 (Preview)](take-tests-in-windows-10.md)
+### [Set up Take a Test on a single PC (Preview)](take-a-test-single-pc.md)
+### [Set up Take a Test on multiple PCs (Preview)](take-a-test-multiple-pcs.md)
+### [Take a Test app technical reference (Preview)](take-a-test-app-technical.md) 
+## [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
+## [Chromebook migration guide](chromebook-migration-guide.md)
--- a/education/windows/change-history-edu.md
+++ b/education/windows/change-history-edu.md
@ -0,0 +1,22 @@
+---
+title: Change history for Windows 10 for Education (Windows 10)
+description: New and changed topics in Windows 10 for Education
+ms.prod: W10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+---
+
+# Change history for Windows 10 for Education
+
+This topic lists new and updated topics in the [Windows 10 for Education](index.md) documentation.
+
+## May 2016
+
+| New or changed topic | Description |
+|----------------------|-------------|
+| [Use the Set up School PCs app (Preview)](use-set-up-school-pcs-app.md) | New  |
+| [Set up School PCs app technical reference (Preview)](set-up-school-pcs-technical.md) | New  |
+| [Take tests in Windows 10 (Preview)](take-tests-in-windows-10.md) </br> [Set up Take a Test on a single PC (Preview)](take-a-test-single-pc.md) </br> [Set up Take a Test on multiple PCs (Preview)](take-a-test-multiple-pcs.md) </br> [Take a Test app technical reference (Preview)](take-a-test-app-technical.md) | New |
+| [Chromebook migration guide](chromebook-migration-guide.md)  | Moved from [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/en-us/itpro/windows/plan/index) library, originally published in November 2015 |
+| [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)  |  Moved from [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/en-us/itpro/windows/plan/index) library, originally published in May 2016 |
--- a/education/windows/chromebook-migration-guide.md
+++ b/education/windows/chromebook-migration-guide.md
@ -0,0 +1,962 @@
+---
+title: Chromebook migration guide (Windows 10)
+description: In this guide you will learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment.
+ms.assetid: 7A1FA48A-C44A-4F59-B895-86D4D77F8BEA
+keywords: ["migrate", "automate", "device"]
+ms.prod: W10
+ms.mktglfcycl: plan
+ms.sitesec: library
+author: craigash
+---
+
+# Chromebook migration guide
+
+
+**Applies to**
+
+-   Windows 10
+
+In this guide you will learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment. You will learn how to perform the necessary planning steps, including Windows device deployment, migration of user and device settings, app migration or replacement, and cloud storage migration. You will then learn the best method to perform the migration by using automated deployment and migration tools.
+
+## <a href="" id="plan-migration"></a>Plan Chromebook migration
+
+
+Before you begin to migrate Chromebook devices, plan your migration. As with most projects, there can be an urge to immediately start doing before planning. When you plan your Chromebook migration before you perform the migration, you can save countless hours of frustration and mistakes during the migration process.
+
+In the planning portion of this guide, you will identify all the decisions that you need to make and how to make each decision. At the end of the planning section, you will have a list of information you need to collect and what you need to do with the information. You will be ready to perform your Chromebook migration.
+
+## <a href="" id="plan-app-migrate-replace"></a>Plan for app migration or replacement
+
+
+App migration or replacement is an essential part of your Chromebook migration. In this section you will plan how you will migrate or replace Chromebook (Chrome OS) apps that are currently in use with the same or equivalent Windows apps. At the end of this section, you will have a list of the active Chrome OS apps and the Windows app counterparts.
+
+**Identify the apps currently in use on Chromebook devices**
+
+Before you can do any analysis or make decisions about which apps to migrate or replace, you need to identify which apps are currently in use on the Chromebook devices. You will create a list of apps that are currently in use (also called an app portfolio).
+
+**Note**  
+The majority of Chromebook apps are web apps. For these apps you need to first perform Microsoft Edge compatibility testing and then publish the web app URL to the Windows users. For more information, see the [Perform app compatibility testing for web apps](#perform-testing-webapps) section.
+
+ 
+
+You can divide the apps into the following categories:
+
+-   **Apps installed and managed by the institution.** These apps are typically managed in the Apps section in the Google Admin Console. You can record the list of these apps in your app portfolio.
+
+-   **Apps installed by faculty or students.** Faculty or students might have installed these apps as a part of a classroom curriculum. Obtain the list of these apps from faculty or students. Ensure you only record apps that are legitimately used as a part of classroom curriculum (and not for personal entertainment or use).
+
+Record the following information about each app in your app portfolio:
+
+-   App name
+
+-   App type (such as offline app, online app, web app, and so on)
+
+-   App publisher or developer
+
+-   App version currently in use
+
+-   App priority (how necessary is the app to the day-to-day process of the institution or a classroom? Rank as high, medium, or low)
+
+Throughout the entire app migration or replacement process, focus on the higher priority apps. Focus on lower priority apps only after you have determined what you will do with the higher priority apps.
+
+### <a href="" id="select-googleapps"></a>
+
+**Select Google Apps replacements**
+
+Table 1 lists the Windows device app replacements for the common Google Apps on Chromebook devices. If your users rely on any of these Google Apps, use the corresponding app on the Windows device. Use the information in Table 1 to select the Google App replacement on a Windows device.
+
+Table 1. Google App replacements
+
+| If you use this Google app on a Chromebook | Use this app on a Windows device     |
+|--------------------------------------------|--------------------------------------|
+| Google Docs                                | Word 2016 or Word Online             |
+| Google Sheets                              | Excel 2016 or Excel Online           |
+| Google Slides                              | PowerPoint 2016 or PowerPoint Online |
+| Google Apps Gmail                          | Outlook 2016 or Outlook Web App      |
+| Google Hangouts                            | Microsoft Skype for Business         |
+| Chrome                                     | Microsoft Edge                       |
+| Google Drive                               | Microsoft OneDrive for Business      |
+
+ 
+
+It may be that you will decide to replace Google Apps after you deploy Windows devices. For more information on making this decision, see the [Select cloud services migration strategy](#select-cs-migrationstrat) section of this guide.
+
+**Find the same or similar apps in the Windows Store**
+
+In many instances, software vendors will create a version of their app for multiple platforms. You can search the Windows Store to find the same or similar apps to any apps not identified in the [Select Google Apps replacements](#select-googleapps) section.
+
+In other instances, the offline app does not have a version written for the Windows Store or is not a web app. In these cases, look for an app that provides similar functions. For example, you might have a graphing calculator offline Android app published on the Chrome OS, but the software publisher does not have a version for Windows devices. Search the Windows Store for a graphing calculator app that provides similar features and functionality. Use that Windows Store app as a replacement for the graphing calculator offline Android app published on the Chrome OS.
+
+Record the Windows app that replaces the Chromebook app in your app portfolio.
+
+### <a href="" id="perform-testing-webapps"></a>
+
+**Perform app compatibility testing for web apps**
+
+The majority of Chromebook apps are web apps. Because you cannot run native offline Chromebook apps on a Windows device, there is no reason to perform app compatibility testing for offline Chromebook apps. However, you may have a number of web apps that will run on both platforms.
+
+Ensure that you test these web apps in Microsoft Edge. Record the level of compatibility for each web app in Microsoft Edge in your app portfolio.
+
+## <a href="" id="plan-migrate-user-device-settings"></a>Plan for migration of user and device settings
+
+
+Some institutions have configured the Chromebook devices to make the devices easier to use by using the Google Chrome Admin Console. You have also probably configured the Chromebook devices to help ensure the user data access and ensure that the devices themselves are secure by using the Google Chrome Admin Console.
+
+However, in addition to your centralized configuration in the Google Admin Console, Chromebook users have probably customized their device. In some instances, users may have changed the web content that is displayed when the Chrome browser starts. Or they may have bookmarked websites for future reference. Or users may have installed apps for use in the classroom.
+
+In this section, you will identify the user and device configuration settings for your Chromebook users and devices. Then you will prioritize these settings to focus on the configuration settings that are essential to your educational institution.
+
+At the end of this section, you should have a list of Chromebook user and device settings that you want to migrate to Windows, as well as a level of priority for each setting. You may discover at the end of this section that you have few or no higher priority settings to be migrated. If this is the case, you can skip the [Perform migration of user and device settings](#migrate-user-device-settings) section of this guide.
+
+**Identify Google Admin Console settings to migrate**
+
+You use the Google Admin Console (as shown in Figure 1) to manage user and device settings. These settings are applied to all the Chromebook devices in your institution that are enrolled in the Google Admin Console. Review the user and device settings in the Google Admin Console and determine which settings are appropriate for your Windows devices.
+
+![figure 1](images/chromebook-fig1-googleadmin.png)
+
+Figure 1. Google Admin Console
+
+Table 2 lists the settings in the Device Management node in the Google Admin Console. Review the settings and determine which settings you will migrate to Windows.
+
+Table 2. Settings in the Device Management node in the Google Admin Console
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Section</th>
+<th align="left">Settings</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left">Network</td>
+<td align="left"><p>These settings configure the network connections for Chromebook devices and include the following settings categories:</p>
+<ul>
+<li><p><strong>Wi-Fi.</strong> Configures the Wi-Fi connections that are available. The Windows devices will need these configuration settings to connect to the same Wi-Fi networks.</p></li>
+<li><p><strong>Ethernet.</strong> Configures authentication for secured, wired Ethernet connections (802.1x). The Windows devices will need these configuration settings to connect to the network.</p></li>
+<li><p><strong>VPN.</strong> Specifies the VPN network connections used by devices when not directly connected to your intranet. The Windows devices will need the same VPN network connections for users to remotely connect to your intranet.</p></li>
+<li><p><strong>Certificates.</strong> Contains the certificates used for network authentication. The Windows devices will need these certificates to connect to the network.</p></li>
+</ul></td>
+</tr>
+<tr class="even">
+<td align="left">Mobile</td>
+<td align="left"><p>These settings configure and manage companion devices (such as smartphones or tablets) that are used in conjunction with the Chromebook devices and include the following settings categories:</p>
+<ul>
+<li><p><strong>Device management settings.</strong> Configures settings for mobile (companion) devices, such as device synchronization, password settings, auditing, enable remote wipe, and other settings. Record these settings so that you can ensure the same settings are applied when the devices are being managed by Microsoft Intune or another mobile device management (MDM) provider.</p></li>
+<li><p><strong>Device activation.</strong> Contains a list of mobile (companion) devices that need to be approved for management by using the Google Admin Console. Approve or block any devices in this list so that the list of managed devices accurately reflects active managed devices.</p></li>
+<li><p><strong>Managed devices.</strong> Performs management tasks on mobile (companion) devices that are managed by the Google Admin Console. Record the list of companion devices on this page so that you can ensure the same devices are managed by Intune or another MDM provider.</p></li>
+<li><p><strong>Set Up Apple Push Certificate.</strong> Configures the certificate that is essentially the digital signature that lets the Google Admin Console manage iOS devices. You will need this certificate if you plan to manage iOS devices by using Intune or another MDM provider.</p></li>
+<li><p><strong>Set Up Android for Work.</strong> Authorizes the Google Admin Console to be the MDM provider for Android devices by providing an Enterprise Mobility Management (EMM) token. You will need this token if you plan to manage Android devices by using another MDM provider.</p></li>
+</ul></td>
+</tr>
+<tr class="odd">
+<td align="left">Chrome management</td>
+<td align="left"><p>These settings configure and manage companion devices (such as smartphones or tablets) that are used in conjunction with the Chromebook devices and include the following settings categories:</p>
+<ul>
+<li><p><strong>User settings.</strong> Configures user-based settings for the Chrome browser and Chromebook devices. Most of these Chromebook user-based settings can be mapped to a corresponding setting in Windows. Record the settings and then map them to settings in Group Policy or Intune.</p></li>
+<li><p><strong>Public session settings.</strong> Configures Public Sessions for Chrome devices that are used as kiosks, loaner devices, shared computers, or for any other work or school-related purpose for which users don't need to sign in with their credentials. You can configure Windows devices similarly by using Assigned Access. Record the settings and apps that are available in Public Sessions so that you can provide similar configuration in Assigned Access.</p></li>
+<li><p><strong>Device settings.</strong> Configures device-based settings for the Chrome browser and Chromebook devices. You can map most of these Chromebook device-based settings to a corresponding setting in Windows. Record the settings and then map them to settings in Group Policy or Intune.</p></li>
+<li><p><strong>Devices.</strong> Manages Chrome device management licenses. The number of licenses recorded here should correspond to the number of licenses you will need for your new management system, such as Intune. Record the number of licenses and use those to determine how many licenses you will need to manage your Windows devices.</p></li>
+<li><p><strong>App Management.</strong> Provides configuration settings for Chrome apps. Record the settings for any apps that you have identified that will run on Windows devices.</p></li>
+</ul></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+Table 3 lists the settings in the Security node in the Google Admin Console. Review the settings and determine which settings you will migrate to Windows.
+
+Table 3. Settings in the Security node in the Google Admin Console
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Section</th>
+<th align="left">Settings</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p>Basic settings</p></td>
+<td align="left"><p>These settings configure password management and whether or not two-factor authentication (2FA) is configured. You can set the minimum password length, the maximum password length, if non-admin users can recover their own passwords, and enable 2FA.</p>
+<p>Record these settings and use them to help configure your on-premises Active Directory or Azure Active Directory (Azure AD) to mirror the current behavior of your Chromebook environment.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Password monitoring</p></td>
+<td align="left"><p>This section is used to monitor the strength of user passwords. You don’t need to migrate any settings in this section.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>API reference</p></td>
+<td align="left"><p>This section is used to enable access to various Google Apps Administrative APIs. You don’t need to migrate any settings in this section.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Set up single sign-on (SSO)</p></td>
+<td align="left"><p>This section is used to configure SSO for Google web-based apps (such as Google Apps Gmail or Google Apps Calendar). While you don’t need to migrate any settings in this section, you probably will want to configure Azure Active Directory synchronization to replace Google-based SSO.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Advanced settings</p></td>
+<td align="left"><p>This section is used to configure administrative access to user data and to configure the Google Secure Data Connector (which allows Google Apps to access data on your local network). You don’t need to migrate any settings in this section.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+**Identify locally-configured settings to migrate**
+
+In addition to the settings configured in the Google Admin Console, users may have locally configured their devices based on their own personal preferences (as shown in Figure 2). Table 4 lists the Chromebook user and device settings that you can locally configure. Review the settings and determine which settings you will migrate to Windows. Some of the settings listed in Table 4 can only be seen when you click the **Show advanced settings** link (as shown in Figure 2).
+
+![figure 2](images/fig2-locallyconfig.png)
+
+Figure 2. Locally-configured settings on Chromebook
+
+Table 4. Locally-configured settings
+
+| Section                | Settings                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
+|------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Internet connections   | These settings configure the Internet connection for the devices, such as Wi-Fi and VPN connections. Record the network connection currently in use and configure the Windows device to use the same network connection settings.                                                                                                                                                                                                                                                                                            |
+| Appearances            | These settings affect the appearance of the desktop. Record the wallpaper image file that is used. Migrate the image file to the Windows device and configure as the user’s wallpaper to maintain similar user experience.                                                                                                                                                                                                                                                                                                   |
+| Search                 | These settings configure which search engine is used to search for content. Record this setting so that you can use as the search engine on the Windows device.                                                                                                                                                                                                                                                                                                                                                              |
+| Advanced sync settings | These settings configure which user settings are synchronized with the Google cloud, such as Apps, Extensions, History, Passwords, Settings, and so on. Record these settings and configure the Windows device with the same settings if you decide to continue to use Google Apps and other cloud services after you migrate to Windows devices.                                                                                                                                                                            |
+| Date and time          | These settings configure the time zone and if 24-hour clock time should be used. Record these settings and configure the Windows device to use these settings.                                                                                                                                                                                                                                                                                                                                                               |
+| Privacy                | These settings configure Google Chrome web browser privacy settings (such as prediction service, phishing and malware protection, spelling errors, resource pre-fetch, and so on). Record these settings and configure Microsoft Edge, Internet Explorer, or the web browser of your choice with these settings.                                                                                                                                                                                                             |
+| Bluetooth              | This setting configures whether or not Bluetooth is enabled on the device. Record this setting and configure the Windows device similarly.                                                                                                                                                                                                                                                                                                                                                                                   |
+| Passwords and forms    | These settings configure Google Chrome web browser to enable autofill of web forms and to save web passwords. Record these settings and configure Microsoft Edge, Internet Explorer, or the web browser of your choice with these settings.                                                                                                                                                                                                                                                                                  |
+| Smart lock             | These settings configure the Chromebook when the user’s Android phone is nearby and unlocked, which eliminates the need to type a password. You don’t need to migrate settings in this section.                                                                                                                                                                                                                                                                                                                              |
+| Web content            | These settings configure how the Chrome web browser displays content (such as font size and page zoom). Record these settings and configure Microsoft Edge, Internet Explorer, or the web browser of your choice with these settings.                                                                                                                                                                                                                                                                                        |
+| Languages              | These settings configure the language in use for the Chromebook. Record these settings and configure the Windows device to support the same language.                                                                                                                                                                                                                                                                                                                                                                        |
+| Downloads              | These settings configure the default folder for file download, if the user should be prompted where to save files, and if the Google Drive account should be disconnected. Record these settings and configure the Windows device with similar settings.                                                                                                                                                                                                                                                                     |
+| HTTPS/SSL              | These settings configure client-side certificates that are used to authenticate the device. Depending on the services or apps that use these certificates, you may need to export and then migrate these certificates to the Windows device. Contact the service or app provider to determine if you can use the existing certificate or if a new certificate needs to be issued. Record these settings and migrate the certificate to the Windows device or enroll for a new certificate as required by the service or app. |
+| Google Cloud Print     | These settings configure the printers that are available to the user. Record the list of printers available to the user and configure the Windows device to have the same printers available. Ensure that the user-friendly printer names in Windows are the same as for the Chromebook device. For example, if the Chromebook device has a printer named “Laser Printer in Registrar’s Office”, use that same name in Windows.                                                                                              |
+| On startup             | These settings configure which web pages are opened when the Chrome web browser starts. Record these settings and configure Microsoft Edge, Internet Explorer, or the web browser of your choice with these settings.                                                                                                                                                                                                                                                                                                        |
+| Accessibility          | These settings configure the Chromebook ease of use (such as display of large mouse cursor, use of high contrast mode, enablement of the screen magnifier, and so on). Record these settings and configure the Windows device with similar settings.                                                                                                                                                                                                                                                                         |
+| Powerwash              | This action removes all user accounts and resets the Chromebook device back to factory settings. You don’t have to migrate any settings in this section.                                                                                                                                                                                                                                                                                                                                                                     |
+| Reset settings         | This action retains all user accounts, but restores all settings back to their default values. You don’t have to migrate any settings in this section.                                                                                                                                                                                                                                                                                                                                                                       |
+
+ 
+
+Determine how many users have similar settings and then consider managing those settings centrally. For example, a large number of users may have many of the same Chrome web browser settings. You can centrally manage these settings in Windows after migration.
+
+Also, as a part of this planning process, consider settings that may not be currently managed centrally, but should be managed centrally. Record the settings that are currently being locally managed, but you want to manage centrally after the migration.
+
+**Prioritize settings to migrate**
+
+After you have collected all the Chromebook user, app, and device settings that you want to migrate, you need to prioritize each setting. Evaluate each setting and assign a priority to the setting based on the levels of high, medium, and low.
+
+Assign the setting-migration priority based on how critical the setting is to the faculty performing their day-to-day tasks and how the setting affects the curriculum in the classrooms. Focus on the migration of higher priority settings and put less effort into the migration of lower priority settings. There may be some settings that are not necessary at all and can be dropped from your list of settings entirely. Record the setting priority in the list of settings you plan to migrate.
+
+## <a href="" id="plan-email-migrate"></a>Plan for email migration
+
+
+Many of your users may be using Google Apps Gmail to manage their email, calendars, and contacts. You need to create the list of users you will migrate and the best time to perform the migration.
+
+Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information, see [Migrate Google Apps mailboxes to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690252).
+
+**Identify the list of user mailboxes to migrate**
+
+In regards to creating the list of users you will migrate, it might seem that the answer “all the users” might be the best one. However, depending on the time you select for migration, only a subset of the users may need to be migrated. For example, you may not persist student email accounts between semesters or between academic years. In this case you would only need to migrate faculty and staff.
+
+Also, when you perform a migration it is a great time to verify that all user mailboxes are active. In many environments there are a significant number of mailboxes that were provisioned for users that are no longer a part of the institution (such as interns or student assistants). You can eliminate these users from your list of user mailboxes to migrate.
+
+Create your list of user mailboxes to migrate in Excel 2016 based on the format described in step 7 in [Create a list of Gmail mailboxes to migrate](http://go.microsoft.com/fwlink/p/?LinkId=690253). If you follow this format, you can use the Microsoft Excel spreadsheet to perform the actual migration later in the process.
+
+**Identify companion devices that access Google Apps Gmail**
+
+In addition to Chromebook devices, users may have companion devices (smartphones, tablets, desktops, laptops, and so on) that also access the Google Apps Gmail mailbox. You will need to identify those companion devices and identify the proper configuration for those devices to access Office 365 mailboxes.
+
+After you have identified each companion device, verify the settings for the device that are used to access Office 365. You only need to test one type of each companion device. For example, if users use Android phones to access Google Apps Gmail mailboxes, configure the device to access Office 365 and then record those settings. You can publish those settings on a website or to your helpdesk staff so that users will know how to access their Office 365 mailbox.
+
+In most instances, users will only need to provide in their Office 365 email account and password. However, you should verify this on each type of companion device. For more information about how to configure a companion device to work with Office 365, see [Compare how different mobile devices work with Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690254).
+
+**Identify the optimal timing for the migration**
+
+Typically, the best time to perform the migration is between academic years or during semester breaks. Select the time of least activity for your institution. And during that time, the optimal time to perform the migration might be during an evening or over a weekend.
+
+Ensure that you communicate the time the migration will occur to your users well in advance. Also, ensure that users know how to access their Office 365 email after the migration is complete. Finally, ensure that your users know how to perform the common tasks they performed in Google Apps Gmail in Office 365 and/or Outlook 2016.
+
+## <a href="" id="plan-cloud-storage-migration"></a>Plan for cloud storage migration
+
+
+Chromebook devices have limited local storage. So, most of your users will store data in cloud storage, such as Google Drive. You will need to plan how to migrate your cloud storage as a part of the Chromebook migration process.
+
+In this section, you will create a list of the existing cloud services, select the Microsoft cloud services that best meet your needs, and then optimize your cloud storage services migration plan.
+
+**Identify cloud storage services currently in use**
+
+Typically, most Chromebook users use Google Drive for cloud storage services because your educational institution purchased other Google cloud services and Google Drive is a part of those services. However, some users may use cloud storage services from other vendors. For each member of your faculty and staff and for each student, create a list of cloud storage services that includes the following:
+
+-   Name of the cloud storage service
+
+-   Cloud storage service vendor
+
+-   Associated licensing costs or fees
+
+-   Approximate storage currently in use per user
+
+Use this information as the requirements for your cloud storage services after you migrate to Windows devices. If at the end of this discovery you determine there is no essential data being stored in cloud storage services that requires migration, then you can skip to the [Plan for cloud services migration](#plan-cloud-services) section.
+
+**Optimize cloud storage services migration plan**
+
+Now that you know the current cloud storage services configuration, you need to optimize your cloud storage services migration plan for Microsoft OneDrive for Business. Optimization helps ensure that your use only the cloud storage services resources that are necessary for your requirements.
+
+Consider the following to help optimize your cloud storage services migration plan:
+
+-   **Eliminate inactive user storage.** Before you perform the cloud storage services migration, identify cloud storage that is currently allocated to inactive users. Remove this storage from your list of cloud storage to migrate.
+
+-   **Eliminate or archive inactive files.** Review cloud storage to identify files that are inactive (have not been accessed for some period of time). Eliminate or archive these files so that they do not consume cloud storage.
+
+-   **Consolidate cloud storage services.** If multiple cloud storage services are in use, reduce the number of cloud storage services and standardize on one cloud storage service. This will help reduce management complexity, support time, and typically will reduce cloud storage costs.
+
+Record your optimization changes in your cloud storage services migration plan.
+
+## <a href="" id="plan-cloud-services"></a>Plan for cloud services migration
+
+
+Many of your users may use cloud services on their Chromebook device, such as Google Apps, Google Drive, or Google Apps Gmail. You have planned for these individual cloud services in the [Plan for app migration or replacement](#plan-app-migrate-replace), [Plan for Google Apps Gmail to Office 365 migration](#plan-email-migrate), and [Plan for cloud storage migration](#plan-cloud-storage-migration) sections.
+
+In this section, you will create a combined list of these cloud services and then select the appropriate strategy to migrate these cloud services.
+
+### <a href="" id="identify-cloud-services-inuse"></a>
+
+**Identify cloud services currently in use**
+
+You have already identified the individual cloud services that are currently in use in your educational institution in the [Plan for app migration or replacement](#plan-app-migrate-replace), [Plan for Google Apps Gmail to Office 365 migration](#plan-email-migrate), and [Plan for cloud storage migration](#plan-cloud-storage-migration) sections. Create a unified list of these cloud services and record the following about each service:
+
+-   Cloud service name
+
+-   Cloud service provider
+
+-   Number of users that use the cloud service
+
+**Select cloud services to migrate**
+
+One of the first questions you should ask after you identify the cloud services currently in use is, “Why do we need to migrate from these cloud services?” The answer to this question largely comes down to finances and features.
+
+Here is a list of reasons that describe why you might want to migrate from an existing cloud service to Microsoft cloud services:
+
+-   **Better integration with Office 365.** If your long-term strategy is to migrate to Office 365 apps (such as Word 2016 or Excel 2016) then a migration to Microsoft cloud services will provide better integration with these apps. The use of existing cloud services may not be as intuitive for users. For example, Office 365 apps will integrate better with OneDrive for Business compared to Google Drive.
+
+-   **Online apps offer better document compatibility.** Microsoft Office online apps (such as Word Online and Excel Online) provide the highest level of compatibility with Microsoft Office documents. The Office online apps allow you to open and edit documents directly from SharePoint or OneDrive for Business. Users can access the Office online app from any device with Internet connectivity.
+
+-   **Reduce licensing costs.** If you pay for Office 365 licenses, then Office 365 apps and cloud storage are included in those licenses. Although you could keep existing cloud services, you probably would pay more to keep those services.
+
+-   **Improve storage capacity and cross-platform features.** Microsoft cloud services provide competitive storage capacity and provide more Windows-centric features than other cloud services providers. While the Microsoft cloud services user experience is highly optimized for Windows devices, Microsoft cloud services are also highly optimized for companion devices (such as iOS or Android devices).
+
+Review the list of existing cloud services that you created in the [Identify cloud services currently in use](#identify-cloud-services-inuse) section and identify the cloud services that you want to migrate to Microsoft cloud services. If you determine at the end of this task that there are no cloud services to be migrated, then skip to the [Plan for Windows device deployment](#plan-windevice-deploy) section. Also, skip the [Perform cloud services migration](#perform-cloud-services-migration) section later in this guide.
+
+**Prioritize cloud services**
+
+After you have created your aggregated list of cloud services currently in use by Chromebook users, prioritize each cloud service. Evaluate each cloud service and assign a priority based on the levels of high, medium, and low.
+
+Assign the priority based on how critical the cloud service is to the faculty and staff performing their day-to-day tasks and how the cloud service affects the curriculum in the classrooms. Also, make cloud services that are causing pain for the users a higher priority. For example, if users experience outages with a specific cloud service, then make migration of that cloud service a higher priority.
+
+Focus on the migration of higher priority cloud services first and put less effort into the migration of lower priority cloud services. There may be some cloud services that are unnecessary and you can remove them from your list of cloud services to migrate entirely. Record the cloud service migration priority in the list of cloud services you plan to migrate.
+
+### <a href="" id="select-cs-migrationstrat"></a>
+
+**Select cloud services migration strategy**
+
+When you deploy the Windows devices, should you migrate the faculty, staff, and students to the new cloud services? Perhaps. But, in most instances you will want to select a migration strategy that introduces a number of small changes over a period of time.
+
+Consider the following when you create your cloud services migration strategy:
+
+-   **Introduce small changes.** The move from Chrome OS to Windows will be simple for most users as most will have exposure to Windows from home, friends, or family. However, users may not be as familiar with the apps or cloud services. Consider the move to Windows first, and then make other changes as time progresses.
+
+-   **Start off by using existing apps and cloud services.** Immediately after the migration to Windows devices, you may want to consider running the existing apps and cloud services (such Google Apps, Google Apps Gmail, and Google Drive). This gives users a familiar method to perform their day-to-day tasks.
+
+-   **Resolve pain points.** If some existing apps or cloud services cause problems, you may want to migrate them sooner rather than later. In most instances, users will be happy to go through the learning curve of a new app or cloud service if it is more reliable or intuitive for them to use.
+
+-   **Migrate classrooms or users with common curriculum.** Migrate to Windows devices for an entire classroom or for multiple classrooms that share common curriculum. You must ensure that the necessary apps and cloud services are available for the curriculum prior to the migration of one or more classrooms.
+
+-   **Migrate when the fewest number of active users are affected.** Migrate your cloud services at the end of an academic year or end of a semester. This will ensure you have minimal impact on faculty, staff, and students. Also, a migration during this time will minimize the learning curve for users as they are probably dealing with new curriculum for the next semester. Also, you may not need to migrate student apps and data because many educational institutions do not preserve data between semesters or academic years.
+
+-   **Overlap existing and new cloud services.** For faculty and staff, consider overlapping the existing and new cloud services (having both services available) for one business cycle (end of semester or academic year) after migration. This allows you to easily recover any data that might not have migrated successfully from the existing cloud services. At a minimum, overlap the user of existing and new cloud services until the user can verify the migration. Of course, the tradeoff for using this strategy is the cost of the existing cloud services. However, depending on when license renewal occurs, the cost may be minimal.
+
+## <a href="" id="plan-windevice-deploy"></a>Plan for Windows device deployment
+
+
+You need to plan for Windows device deployment to help ensure that the devices are successfully installed and configured to replace the Chromebook devices. Even if the vendor that provides the devices pre-loads Windows 10 on them, you still will need to perform other tasks.
+
+In this section you will select a Windows device deployment strategy; plan for Active Directory Domain Services (AD DS) and Azure AD services; plan for device, user, and app management; and plan for any necessary network infrastructure remediation.
+
+### <a href="" id="select-windows-device-deploy"></a>
+
+**Select a Windows device deployment strategy**
+
+What decisions need to be made about Windows device deployment? You just put the device on a desk, hook up power, connect to Wi-Fi, and then let the users operate the device, right? That is essentially correct, but depending on the extent of your deployment and other factors, you need to consider different deployment strategies.
+
+For each classroom that has Chromebook devices, select a combination of the following device deployment strategies:
+
+-   **Deploy one classroom at a time.** In most cases you will want to perform your deployment in batches of devices and a classroom is an excellent way to batch devices. You can treat each classroom as a unit and check each classroom off your list after you have deployed the devices.
+
+-   **Deploy based on curriculum.** Deploy the Windows devices after you have confirmed that the curriculum is ready for the Windows devices. If you deploy Windows devices without the curriculum installed and tested, you could significantly reduce the ability for students and teachers to perform effectively in the classroom. Also, deployment based on curriculum has the advantage of letting you move from classroom to classroom quickly if multiple classrooms use the same curriculum.
+
+-   **Deploy side-by-side.** In some instances you may need to have both the Chromebook and Windows devices in one or more classrooms. You can use this strategy if some of the curriculum only works on Chromebook and other parts of the curriculum works on Windows devices. This is a good method to help prevent delays in Windows device deployment, while ensuring that students and teachers can make optimal use of technology in their curriculum.
+
+-   **Deploy after apps and cloud services migration.** If you deploy a Windows device without the necessary apps and cloud services to support the curriculum, this provides only a portion of your complete solution. Ensure that the apps and cloud services are tested, provisioned, and ready for use prior to the deployment of Windows devices.
+
+-   **Deploy after the migration of user and device settings.** Ensure that you have identified the user and device settings that you plan to migrate and that those settings are ready to be applied to the new Windows devices. For example, you would want to create Group Policy Objects (GPOs) to apply the user and device settings to Windows devices.
+
+    If you ensure that Windows devices closely mirror the Chromebook device configuration, you will ease user learning curve and create a sense of familiarity. Also, when you have the settings ready to be applied to the devices, it helps ensure you will deploy your new Windows devices in a secure configuration.
+
+Record the combination of Windows device deployment strategies that you selected.
+
+### <a href="" id="plan-adservices"></a>
+
+**Plan for AD DS and Azure AD services**
+
+The next decision you will need to make concerns AD DS and Azure AD services. You can run AD DS on-premises, in the cloud by using Azure AD, or a combination of both (hybrid). The decision about which of these options is best is closely tied to how you will manage your users, apps, and devices and if you will use Office 365 and other Azure-based cloud services.
+
+In the hybrid configuration, your on-premises AD DS user and group objects are synchronized with Azure AD (including passwords). The synchronization happens both directions so that changes are made in both your on-premises AD DS and Azure AD.
+
+Table 5 is a decision matrix that helps you decide if you can use only on-premises AD DS, only Azure AD, or a combination of both (hybrid). If the requirements you select from the table require on-premises AD DS and Azure AD, then you should select hybrid. For example, if you plan to use Office 365 and use Group Policy for management, then you would select hybrid. However, if you plan to use Office 365 and use Intune for management, then you would select only Azure AD.
+
+Table 5. Select on-premises AD DS, Azure AD, or hybrid
+
+<table>
+<colgroup>
+<col width="25%" />
+<col width="25%" />
+<col width="25%" />
+<col width="25%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">If you plan to...</th>
+<th align="left">On-premises AD DS</th>
+<th align="left">Azure AD</th>
+<th align="left">Hybrid</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left">Use Office 365</td>
+<td align="left"></td>
+<td align="left">X</td>
+<td align="left">X</td>
+</tr>
+<tr class="even">
+<td align="left">Use Intune for management</td>
+<td align="left"></td>
+<td align="left">X</td>
+<td align="left">X</td>
+</tr>
+<tr class="odd">
+<td align="left">Use System Center 2012 R2 Configuration Manager for management</td>
+<td align="left">X</td>
+<td align="left"></td>
+<td align="left">X</td>
+</tr>
+<tr class="even">
+<td align="left">Use Group Policy for management</td>
+<td align="left">X</td>
+<td align="left"></td>
+<td align="left">X</td>
+</tr>
+<tr class="odd">
+<td align="left">Have devices that are domain-joined</td>
+<td align="left">X</td>
+<td align="left"></td>
+<td align="left">X</td>
+</tr>
+<tr class="even">
+<td align="left">Allow faculty and students to Bring Your Own Device (BYOD) which are not domain-joined</td>
+<td align="left"></td>
+<td align="left">X</td>
+<td align="left">X</td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+### <a href="" id="plan-userdevapp-manage"></a>
+
+**Plan device, user, and app management**
+
+You may ask the question, “Why plan for device, user, and app management before you deploy the device?” The answer is that you will only deploy the device once, but you will manage the device throughout the remainder of the device's lifecycle.
+
+Also, planning management before deployment is essential to being ready to support the devices as you deploy them. You want to have your management processes and technology in place when the first teachers, facility, or students start using their new Windows device.
+
+Table 6 is a decision matrix that lists the device, user, and app management products and technologies and the features supported by each product or technology. The primary device, user, and app management products and technologies include Group Policy, System Center Configuration Manager, Intune, and the Microsoft Deployment Toolkit (MDT). Use this decision matrix to help you select the right combination of products and technologies for your plan.
+
+Table 6. Device, user, and app management products and technologies
+
+<table style="width:100%;">
+<colgroup>
+<col width="14%" />
+<col width="14%" />
+<col width="14%" />
+<col width="14%" />
+<col width="14%" />
+<col width="14%" />
+<col width="14%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Desired feature</th>
+<th align="left">Windows provisioning packages</th>
+<th align="left">Group Policy</th>
+<th align="left">Configuration Manager</th>
+<th align="left">Intune</th>
+<th align="left">MDT</th>
+<th align="left">Windows Software Update Services</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left">Deploy operating system images</td>
+<td align="left">X</td>
+<td align="left"></td>
+<td align="left">X</td>
+<td align="left"></td>
+<td align="left">X</td>
+<td align="left"></td>
+</tr>
+<tr class="even">
+<td align="left">Deploy apps during operating system deployment</td>
+<td align="left">X</td>
+<td align="left"></td>
+<td align="left">X</td>
+<td align="left"></td>
+<td align="left">X</td>
+<td align="left"></td>
+</tr>
+<tr class="odd">
+<td align="left">Deploy apps after operating system deployment</td>
+<td align="left">X</td>
+<td align="left">X</td>
+<td align="left">X</td>
+<td align="left"></td>
+<td align="left"></td>
+<td align="left"></td>
+</tr>
+<tr class="even">
+<td align="left">Deploy software updates during operating system deployment</td>
+<td align="left"></td>
+<td align="left"></td>
+<td align="left">X</td>
+<td align="left"></td>
+<td align="left">X</td>
+<td align="left"></td>
+</tr>
+<tr class="odd">
+<td align="left">Deploy software updates after operating system deployment</td>
+<td align="left">X</td>
+<td align="left">X</td>
+<td align="left">X</td>
+<td align="left">X</td>
+<td align="left"></td>
+<td align="left">X</td>
+</tr>
+<tr class="even">
+<td align="left">Support devices that are domain-joined</td>
+<td align="left">X</td>
+<td align="left">X</td>
+<td align="left">X</td>
+<td align="left">X</td>
+<td align="left">X</td>
+<td align="left"></td>
+</tr>
+<tr class="odd">
+<td align="left">Support devices that are not domain-joined</td>
+<td align="left">X</td>
+<td align="left"></td>
+<td align="left"></td>
+<td align="left">X</td>
+<td align="left">X</td>
+<td align="left"></td>
+</tr>
+<tr class="even">
+<td align="left">Use on-premises resources</td>
+<td align="left">X</td>
+<td align="left">X</td>
+<td align="left">X</td>
+<td align="left"></td>
+<td align="left">X</td>
+<td align="left"></td>
+</tr>
+<tr class="odd">
+<td align="left">Use cloud-based services</td>
+<td align="left"></td>
+<td align="left"></td>
+<td align="left"></td>
+<td align="left">X</td>
+<td align="left"></td>
+<td align="left"></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+You can use Configuration Manager and Intune in conjunction with each other to provide features from both products and technologies. In some instances you may need only one of these products or technologies. In other instances, you may need two or more to meet the device, user, and app management needs for your institution.
+
+Record the device, user, and app management products and technologies that you selected.
+
+### <a href="" id="plan-network-infra-remediation"></a>
+
+**Plan network infrastructure remediation**
+
+In addition to AD DS, Azure AD, and management components, there are other network infrastructure services that Windows devices need. In most instances, Windows devices have the same network infrastructure requirements as the existing Chromebook devices.
+
+Examine each of the following network infrastructure technologies and services and determine if any remediation is necessary:
+
+-   **Domain Name System (DNS)** provides translation between a device name and its associated IP address. For Chromebook devices, public facing, Internet DNS services are the most important. For Windows devices that only access the Internet, they have the same requirements.
+
+    However, if you intend to communicate between Windows devices (peer-to-peer or client/server) then you will need local DNS services. Windows devices will register their name and IP address with the local DNS services so that Windows devices can locate each other.
+
+-   **Dynamic Host Configuration Protocol (DHCP)** provides automatic IP configuration for devices. Your existing Chromebook devices probably use DHCP for configuration. If you plan to immediately replace the Chromebook devices with Windows devices, then you only need to release all the DHCP reservations for the Chromebook devices prior to the deployment of Windows devices.
+
+    If you plan to run Chromebook and Windows devices side-by-side, then you need to ensure that your DHCP service has adequate IP addresses available for both sets of devices.
+
+-   **Wi-Fi.** Chromebook devices are designed to connect to Wi-Fi networks. Windows devices are the same. Your existing Wi-Fi network for the Chromebook devices should be adequate for the same number of Windows devices.
+
+    If you plan to significantly increase the number of Windows devices or you plan to run Chromebook and Windows devices side-by-side, then you need to ensure that Wi-Fi network can support the number of devices.
+
+-   **Internet bandwidth.** Chromebook devices consume more Internet bandwidth (up to 700 times more) than Windows devices. This means that if your existing Internet bandwidth is adequate for the Chromebook devices, then the bandwidth will be more than adequate for Windows devices.
+
+    However, if you plan to significantly increase the number of Windows devices or you plan to run Chromebook and Windows devices side-by-side, then you need to ensure that your Internet connection can support the number of devices.
+
+    For more information that compares Internet bandwidth consumption for Chromebook and Windows devices, see the following resources:
+
+    -   [Chromebook vs. Windows Notebook Network Traffic Analysis](http://go.microsoft.com/fwlink/p/?LinkId=690255)
+
+    -   [Hidden Cost of Chromebook Deployments](http://go.microsoft.com/fwlink/p/?LinkId=690256)
+
+    -   [Microsoft Windows 8.1 Notebook vs. Chromebooks for Education](http://go.microsoft.com/fwlink/p/?LinkId=690257)
+
+-   **Power.** Although not specifically a network infrastructure, you need to ensure your classrooms have adequate power. Chromebook and Windows devices should consume similar amounts of power. This means that your existing power outlets should support the same number of Windows devices.
+
+    If you plan to significantly increase the number of Windows devices or you plan to run Chromebook and Windows devices side-by-side, you need to ensure that the power outlets, power strips, and other power management components can support the number of devices.
+
+At the end of this process, you may determine that no network infrastructure remediation is necessary. If so, you can skip the [Perform network infrastructure remediation](#network-infra-remediation) section of this guide.
+
+## Perform Chromebook migration
+
+
+Thus far, planning has been the primary focus. Believe it or not most of the work is now done. The rest of the Chromebook migration is just the implementation of the plan you have created.
+
+In this section you will perform the necessary steps for the Chromebook device migration. You will perform the migration based on the planning decision that you made in the [Plan Chromebook migration](#plan-migration) section earlier in this guide.
+
+You must perform some of the steps in this section in a specific sequence. Each section has guidance about when to perform a step. You can perform other steps before, during, or after the migration. Again, each section will tell you if the sequence is important.
+
+## <a href="" id="network-infra-remediation"></a>Perform network infrastructure remediation
+
+
+The first migration task is to perform any network infrastructure remediation. In the [Plan network infrastructure remediation](#plan-network-infra-remediation) section, you determined the network infrastructure remediation (if any) that you needed to perform.
+
+It is important that you perform any network infrastructure remediation first because the remaining migration steps are dependent on the network infrastructure. Table 7 lists the Microsoft network infrastructure products and technologies and deployment resources for each.
+
+Table 7. Network infrastructure products and technologies and deployment resources
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Product or technology</th>
+<th align="left">Resources</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left">DHCP</td>
+<td align="left"><ul>
+<li><p>[Core Network Guide](http://go.microsoft.com/fwlink/p/?LinkId=733920)</p></li>
+<li><p>[DHCP Deployment Guide](http://go.microsoft.com/fwlink/p/?LinkId=734021)</p></li>
+</ul></td>
+</tr>
+<tr class="even">
+<td align="left">DNS</td>
+<td align="left"><ul>
+<li><p>[Core Network Guide](http://go.microsoft.com/fwlink/p/?LinkId=733920)</p></li>
+<li><p>[Deploying Domain Name System (DNS)](http://go.microsoft.com/fwlink/p/?LinkId=734022)</p></li>
+</ul></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+If you use network infrastructure products and technologies from other vendors, refer to the vendor documentation on how to perform the necessary remediation. If you determined that no remediation is necessary, you can skip this section.
+
+## Perform AD DS and Azure AD services deployment or remediation
+
+
+It is important that you perform AD DS and Azure AD services deployment or remediation right after you finish network infrastructure remediation. Many of the remaining migration steps are dependent on you having your identity system (AD DS or Azure AD) in place and up to necessary expectations.
+
+In the [Plan for Active Directory services](#plan-adservices) section, you determined the AD DS and/or Azure AD deployment or remediation (if any) that needed to be performed. Table 8 list AD DS, Azure AD, and the deployment resources for both. Use the resources in this table to deploy or remediate on-premises AD DS, Azure AD, or both.
+
+Table 8. AD DS, Azure AD and deployment resources
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Product or technology</th>
+<th align="left">Resources</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left">AD DS</td>
+<td align="left"><ul>
+<li><p>[Core Network Guide](http://go.microsoft.com/fwlink/p/?LinkId=733920)</p></li>
+<li><p>[Active Directory Domain Services Overview](http://go.microsoft.com/fwlink/p/?LinkId=733909)</p></li>
+</ul></td>
+</tr>
+<tr class="even">
+<td align="left">Azure AD</td>
+<td align="left"><ul>
+<li><p>[Azure Active Directory documentation](http://go.microsoft.com/fwlink/p/?LinkId=690258)</p></li>
+<li><p>[Manage and support Azure Active Directory Premium](http://go.microsoft.com/fwlink/p/?LinkId=690259)</p></li>
+<li><p>[Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines](http://go.microsoft.com/fwlink/p/?LinkId=690260)</p></li>
+</ul></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+If you decided not to migrate to AD DS or Azure AD as a part of the migration, or if you determined that no remediation is necessary, you can skip this section. If you use identity products and technologies from another vendor, refer to the vendor documentation on how to perform the necessary steps.
+
+## Prepare device, user, and app management systems
+
+
+In the [Plan device, user, and app management](#plan-userdevapp-manage) section of this guide, you selected the products and technologies that you will use to manage devices, users, and apps on Windows devices. You need to prepare your management systems prior to Windows 10 device deployment. You will use these management systems to manage the user and device settings that you selected to migrate in the [Plan for migration of user and device settings](#plan-migrate-user-device-settings) section. You need to prepare these systems prior to the migration of user and device settings.
+
+Table 9 lists the Microsoft management systems and the deployment resources for each. Use the resources in this table to prepare (deploy or remediate) these management systems.
+
+Table 9. Management systems and deployment resources
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Management system</th>
+<th align="left">Resources</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left">Windows provisioning packages</td>
+<td align="left"><ul>
+<li><p>[Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkId=733918)</p></li>
+<li><p>[Windows Imaging and Configuration Designer](http://go.microsoft.com/fwlink/p/?LinkId=733911)</p></li>
+<li><p>[Step-By-Step: Building Windows 10 Provisioning Packages](http://go.microsoft.com/fwlink/p/?LinkId=690261)</p></li>
+</ul></td>
+</tr>
+<tr class="even">
+<td align="left">Group Policy</td>
+<td align="left"><ul>
+<li><p>[Core Network Companion Guide: Group Policy Deployment](http://go.microsoft.com/fwlink/p/?LinkId=733915)</p></li>
+<li><p>[Deploying Group Policy](http://go.microsoft.com/fwlink/p/?LinkId=734024)</p></li>
+</ul></td>
+</tr>
+<tr class="odd">
+<td align="left">Configuration Manager</td>
+<td align="left"><ul>
+<li><p>[Site Administration for System Center 2012 Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733914)</p></li>
+<li><p>[Deploying Clients for System Center 2012 Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733919)</p></li>
+</ul></td>
+</tr>
+<tr class="even">
+<td align="left">Intune</td>
+<td align="left"><ul>
+<li><p>[Set up and manage devices with Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=690262)</p></li>
+<li><p>[Smoother Management Of Office 365 Deployments with Windows Intune](http://go.microsoft.com/fwlink/p/?LinkId=690263)</p></li>
+<li><p>[System Center 2012 R2 Configuration Manager &amp; Windows Intune](http://go.microsoft.com/fwlink/p/?LinkId=690264)</p></li>
+</ul></td>
+</tr>
+<tr class="odd">
+<td align="left">MDT</td>
+<td align="left"><ul>
+<li><p>[MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](http://go.microsoft.com/fwlink/p/?LinkId=690324)</p></li>
+<li><p>[Step-By-Step: Installing Windows 8.1 From A USB Key](http://go.microsoft.com/fwlink/p/?LinkId=690265)</p></li>
+</ul></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+If you determined that no new management system or no remediation of existing systems is necessary, you can skip this section. If you use a management system from another vendor, refer to the vendor documentation on how to perform the necessary steps.
+
+## <a href="" id="perform-app-migration-or-replacement-"></a>Perform app migration or replacement
+
+
+In the [Plan for app migration or replacement](#plan-app-migrate-replace) section, you identified the apps currently in use on Chromebook devices and selected the Windows apps that will replace the Chromebook apps. You also performed app compatibility testing for web apps to ensure that web apps on the Chromebook devices would run on Microsoft Edge and Internet Explorer.
+
+In this step, you need to configure your management system to deploy the apps to the appropriate Windows users and devices. Table 10 lists the Microsoft management systems and the app deployment resources for each. Use the resources in this table to configure these management systems to deploy the apps that you selected in the [Plan for app migration or replacement](#plan-app-migrate-replace) section of this guide.
+
+Table 10. Management systems and app deployment resources
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Management system</th>
+<th align="left">Resources</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left">Group Policy</td>
+<td align="left"><ul>
+<li><p>[Editing an AppLocker Policy](http://go.microsoft.com/fwlink/p/?LinkId=734025)</p></li>
+<li><p>[Group Policy Software Deployment Background](http://go.microsoft.com/fwlink/p/?LinkId=734026)</p></li>
+<li><p>[Assigning and Publishing Software](http://go.microsoft.com/fwlink/p/?LinkId=734027)</p></li>
+</ul></td>
+</tr>
+<tr class="even">
+<td align="left">Configuration Manager</td>
+<td align="left"><ul>
+<li><p>[How to Deploy Applications in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733917)</p></li>
+<li><p>[Application Management in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733907)</p></li>
+</ul></td>
+</tr>
+<tr class="odd">
+<td align="left">Intune</td>
+<td align="left"><ul>
+<li><p>[Deploy apps to mobile devices in Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=733913)</p></li>
+<li><p>[Manage apps with Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=733910)</p></li>
+</ul></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+If you determined that no deployment of apps is necessary, you can skip this section. If you use a management system from another vendor, refer to the vendor documentation on how to perform the necessary steps.
+
+## <a href="" id="migrate-user-device-settings"></a>Perform migration of user and device settings
+
+
+In the [Plan for migration of user and device settings](#plan-migrate-user-device-settings) section, you determined the user and device settings that you want to migrate. You selected settings that are configured in the Google Admin Console and locally on the Chromebook device.
+
+Perform the user and device setting migration by using the following steps:
+
+1.  From the list of institution-wide settings that you created in the [Plan for migration of user and device settings](#plan-migrate-user-device-settings) section, configure as many as possible in your management system (such as Group Policy, Configuration Manager, or Intune).
+
+2.  From the list of device-specific settings that you created in the [Plan for migration of user and device settings](#plan-migrate-user-device-settings) section, configure device-specific setting for higher priority settings.
+
+3.  From the list of user-specific settings that you created in the [Plan for migration of user and device settings](#plan-migrate-user-device-settings) section, configure user-specific setting for higher priority settings.
+
+4.  Verify that all higher-priority user and device settings have been configured in your management system.
+
+If you do no want to migrate any user or device settings from the Chromebook devices to the Windows devices, you can skip this section.
+
+## Perform email migration
+
+
+In the [Plan for email migration](#plan-email-migrate) section, you identified the user mailboxes to migrate, identified the companion devices that access Google Apps Gmail, and identified the optimal timing for migration. You can perform this migration before or after you deploy the Windows devices.
+
+Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information on how to automate the migration from Google Apps Gmail to Office 365, see [Migrate Google Apps mailboxes to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690252).
+
+Alternatively, if you want to migrate to Office 365 from:
+
+-   **On-premises Microsoft Exchange Server.** Use the following resources to migrate to Office 365 from an on-premises Microsoft Exchange Server:
+
+    -   [Cutover Exchange Migration and Single Sign-On](http://go.microsoft.com/fwlink/p/?LinkId=690266)
+
+    -   [Step-By-Step: Migration of Exchange 2003 Server to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690267)
+
+    -   [Step-By-Step: Migrating from Exchange 2007 to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690268)
+
+-   **Another on-premises or cloud-based email service.** Follow the guidance from that vendor.
+
+## Perform cloud storage migration
+
+
+In the [Plan for cloud storage migration](#plan-cloud-storage-migration) section, you identified the cloud storage services currently in use, selected the Microsoft cloud storage services that you will use, and optimized your cloud storage services migration plan. You can perform the cloud storage migration before or after you deploy the Windows devices.
+
+Manually migrate the cloud storage migration by using the following steps:
+
+1.  Install both Google Drive app and OneDrive for Business or OneDrive app on a device.
+
+2.  Sign in as the user in the Google Drive app.
+
+3.  Sign in as the user in the OneDrive for Business or OneDrive app.
+
+4.  Copy the data from the Google Drive storage to the OneDrive for Business or OneDrive storage.
+
+5.  Optionally uninstall the Google Drive app.
+
+There are also a number of software vendors who provide software that helps automate the migration from Google Drive to OneDrive for Business, Office 365 SharePoint, or OneDrive. For more information about these automated migration tools, contact the vendors.
+
+## Perform cloud services migration
+
+
+In the [Plan for cloud services migration](#plan-cloud-services)section, you identified the cloud services currently in use, selected the cloud services that you want to migrate, prioritized the cloud services to migrate, and then selected the cloud services migration strategy. You can perform the cloud services migration before or after you deploy the Windows devices.
+
+Migrate the cloud services that you currently use to the Microsoft cloud services that you selected. For example, you could migrate from a collaboration website to Office 365 SharePoint. Perform the cloud services migration based on the existing cloud services and the Microsoft cloud services that you selected.
+
+There are also a number of software vendors who provide software that helps automate the migration from other cloud services to Microsoft cloud services. For more information about these automated migration tools, contact the vendors.
+
+## Perform Windows device deployment
+
+
+In the [Select a Windows device deployment strategy](#select-windows-device-deploy) section, you selected how you wanted to deploy Windows 10 devices. The other migration task that you designed in the [Plan for Windows device deployment](#plan-windevice-deploy) section have already been performed. Now it's time to deploy the actual devices.
+
+For example, if you selected to deploy Windows devices by each classroom, start with the first classroom and then proceed through all of the classrooms until you’ve deployed all Windows devices.
+
+In some instances, you may receive the devices with Windows 10 already deployed, and want to use provisioning packages. In other cases, you may have a custom Windows 10 image that you want to deploy to the devices by using Configuration Manager and/or MDT. For information on how to deploy Windows 10 images to the devices, see the following resources:
+
+-   [Windows Imaging and Configuration Designer](http://go.microsoft.com/fwlink/p/?LinkId=733911)
+
+-   [Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkId=733918)
+
+-   [MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](http://go.microsoft.com/fwlink/p/?LinkId=690324)
+
+-   [Step-By-Step: Installing Windows 8.1 From A USB Key](http://go.microsoft.com/fwlink/p/?LinkId=690265)
+
+-   [Operating System Deployment in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733916)
+
+In addition to the Windows 10 image deployment, you may need to perform the following tasks as a part of device deployment:
+
+-   Enroll the device with your management system.
+
+-   Ensure that Windows Defender is enabled and configured to receive updates.
+
+-   Ensure that Windows Update is enabled and configured to receive updates.
+
+-   Deploy any apps that you want the user to immediately be able to access when they start the device (such as Word 2016 or Excel 2016).
+
+After you complete these steps, your management system should take over the day-to-day maintenance tasks for the Windows 10 devices. Verify that the user and device settings migrated correctly as you deploy each batch of Windows 10 devices. Continue this process until you deploy all Windows 10 devices.
+
+## Related topics
+
+
+[Try it out: Windows 10 deployment (for education)](http://go.microsoft.com/fwlink/p/?LinkId=623254)
+
+[Try it out: Windows 10 in the classroom](http://go.microsoft.com/fwlink/p/?LinkId=623255)
+
+ 
+
+ 
+
+
+
+
+
--- a/education/windows/deploy-windows-10-in-a-school.md
+++ b/education/windows/deploy-windows-10-in-a-school.md
--- a/education/windows/images/TakeATestURL.png
+++ b/education/windows/images/TakeATestURL.png
--- a/education/windows/images/app-distribution-options.PNG
+++ b/education/windows/images/app-distribution-options.PNG
--- a/education/windows/images/app1.jpg
+++ b/education/windows/images/app1.jpg
--- a/education/windows/images/choose-package.png
+++ b/education/windows/images/choose-package.png
--- a/education/windows/images/chromebook-fig1-googleadmin.png
+++ b/education/windows/images/chromebook-fig1-googleadmin.png
--- a/education/windows/images/connect-aad.png
+++ b/education/windows/images/connect-aad.png
--- a/education/windows/images/deploy-win-10-school-figure1.png
+++ b/education/windows/images/deploy-win-10-school-figure1.png
--- a/education/windows/images/deploy-win-10-school-figure2.png
+++ b/education/windows/images/deploy-win-10-school-figure2.png
--- a/education/windows/images/deploy-win-10-school-figure3.png
+++ b/education/windows/images/deploy-win-10-school-figure3.png
--- a/education/windows/images/deploy-win-10-school-figure4.png
+++ b/education/windows/images/deploy-win-10-school-figure4.png
--- a/education/windows/images/deploy-win-10-school-figure5.png
+++ b/education/windows/images/deploy-win-10-school-figure5.png
--- a/education/windows/images/deploy-win-10-school-figure6.png
+++ b/education/windows/images/deploy-win-10-school-figure6.png
--- a/education/windows/images/deploy-win-10-school-figure7.png
+++ b/education/windows/images/deploy-win-10-school-figure7.png
--- a/education/windows/images/enter-email.PNG
+++ b/education/windows/images/enter-email.PNG
--- a/education/windows/images/express-settings.png
+++ b/education/windows/images/express-settings.png
--- a/education/windows/images/fig2-locallyconfig.png
+++ b/education/windows/images/fig2-locallyconfig.png
--- a/education/windows/images/get-app-store.png
+++ b/education/windows/images/get-app-store.png
--- a/education/windows/images/get-the-app.PNG
+++ b/education/windows/images/get-the-app.PNG
--- a/education/windows/images/it-get-app.PNG
+++ b/education/windows/images/it-get-app.PNG
--- a/education/windows/images/license-terms.png
+++ b/education/windows/images/license-terms.png
--- a/education/windows/images/minecraft-perms.PNG
+++ b/education/windows/images/minecraft-perms.PNG
--- a/education/windows/images/minecraft.PNG
+++ b/education/windows/images/minecraft.PNG
--- a/education/windows/images/oobe.jpg
+++ b/education/windows/images/oobe.jpg
--- a/education/windows/images/package.png
+++ b/education/windows/images/package.png
--- a/education/windows/images/prov.jpg
+++ b/education/windows/images/prov.jpg
--- a/education/windows/images/school.PNG
+++ b/education/windows/images/school.PNG
--- a/education/windows/images/setup-app-1-access.png
+++ b/education/windows/images/setup-app-1-access.png
--- a/education/windows/images/setup-app-1-usb.png
+++ b/education/windows/images/setup-app-1-usb.png
--- a/education/windows/images/setup-app-1-wifi-manual.png
+++ b/education/windows/images/setup-app-1-wifi-manual.png
--- a/education/windows/images/setup-app-1-wifi.png
+++ b/education/windows/images/setup-app-1-wifi.png
--- a/education/windows/images/setup-app-1.PNG
+++ b/education/windows/images/setup-app-1.PNG
--- a/education/windows/images/setup-app-2-directions.png
+++ b/education/windows/images/setup-app-2-directions.png
--- a/education/windows/images/setup-app-3-directions.png
+++ b/education/windows/images/setup-app-3-directions.png
--- a/education/windows/images/setup-app-all-done.png
+++ b/education/windows/images/setup-app-all-done.png
--- a/education/windows/images/setupmsg.jpg
+++ b/education/windows/images/setupmsg.jpg
--- a/education/windows/images/sign-in-prov.png
+++ b/education/windows/images/sign-in-prov.png
--- a/education/windows/images/signin.jpg
+++ b/education/windows/images/signin.jpg
--- a/education/windows/images/take-a-test-flow.png
+++ b/education/windows/images/take-a-test-flow.png
--- a/education/windows/images/teacher-get-app.PNG
+++ b/education/windows/images/teacher-get-app.PNG
--- a/education/windows/images/teacher.PNG
+++ b/education/windows/images/teacher.PNG
--- a/education/windows/images/test-account-icd.PNG
+++ b/education/windows/images/test-account-icd.PNG
--- a/education/windows/images/trust-package.png
+++ b/education/windows/images/trust-package.png
--- a/education/windows/images/who-owns-pc.png
+++ b/education/windows/images/who-owns-pc.png
--- a/education/windows/index.md
+++ b/education/windows/index.md
@ -0,0 +1,28 @@
+---
+title: Windows 10 for Education (Windows 10)
+description: Learn about using Windows 10 in schools.
+ms.prod: W10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+---
+
+# Windows 10 for Education
+[Windows 10 Education](https://www.microsoft.com/en-us/education/products/windows/default.aspx) empowers staff, administrators, teachers and students to do great things.
+
+[Find out how to get Windows 10 Education for your school.](https://www.microsoft.com/en-us/education/buy-license/overview-of-how-to-buy/default.aspx?tabshow=schools)
+
+## In this section
+
+|Topic |Description |
+|------|------------|
+| [Use the Set up School PCs app (Preview)](use-set-up-school-pcs-app.md) | Learn how the Set up School PCs app works and how to use it.  |
+| [Technical reference for the Set up School PCs app (Preview)](set-up-school-pcs-technical.md) | See the changes that the Set up School PCs app makes to a PC.  |
+| [Take tests in Windows 10](take-tests-in-windows-10.md) | Learn how to configure and use the **Take a Test** app in Windows 10 |
+| [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md) | Learn how to deploy Windows 10 in classrooms; integrate the school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD); and deploy Windows 10 and your apps to new devices or upgrade existing devices to Windows 10. |
+| [Chromebook migration guide](chromebook-migration-guide.md) | Learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment. |
+
+## Related topics
+
+- [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/itpro/windows/index)
+- [Try it out: virtual labs for Windows 10 Education](https://technet.microsoft.com/en-us/windows/dn610356)
--- a/education/windows/set-up-school-pcs-technical.md
+++ b/education/windows/set-up-school-pcs-technical.md
@ -0,0 +1,262 @@
+---
+title: Set up School PCs app technical reference
+description: Describes the changes that the Set up School PCs app makes to a PC.
+keywords: ["shared cart", "shared PC", "school"]
+ms.prod: W10
+ms.mktglfcycl: plan
+ms.sitesec: library
+author: jdeckerMS
+---
+
+# Technical reference for the Set up School PCs app (Preview)
+**Applies to:**
+
+-   Windows 10 Insider Preview 
+
+
+> <span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. ]</span>
+
+The **Set up School PCs** app helps you set up new Windows 10 PCs that work great in your school by configuring shared PC mode, available in Windows 10, version 1607. **Set up School PCs** also configures school-specific settings and policies, described in this topic.
+
+If your school uses Azure Active Directory (Azure AD) or Office 365, the **Set up School PCs** app will create a setup file that connects the computer to your subscription.  You can also use the app to set up school PCs that anyone can use, with or without Internet connectivity. 
+
+The following table tells you what you get using the **Set up School PCs** app in your school. 
+
+| Feature | No Internet | Azure AD | Office 365 | Azure AD Premium |
+| --- | :---: | :---: | :---: | :---: |
+| **Fast sign-in**<br/>Each student can sign in and start using the computer in less than a minute, even on their first sign-in. | X | X | X | X |
+| **Custom Start experience**\*<br/>The apps students need are pinned to Start, and unnecessary apps are removed. | X | X | X | X |
+| **Temporary access, no sign-in required**<br/>This option sets up computers for common use. Anyone can use the computer without an account. | X | X | X | X |
+| **School policies**\*<br/>Settings specific to education create a useful learning environment and the best computer performance. | X | X | X | X |
+| **Azure AD Join**<br/>The computers are  joined to your Azure AD or Office 365 subscription for centralized management. |   | X | X | X |
+| **Single sign-on to Office 365**<br/>By signing on with student IDs, students have fast access to Office 365 web apps. |   |    | X | X |
+| **[Settings roaming](https://azure.microsoft.com/en-us/documentation/articles/active-directory-windows-enterprise-state-roaming-overview/) via Azure AD**<br/>Student user and application settings data can be synchronized across devices for a personalized experience. |   |    |    | X |
+|   |    |    |   |   |
+\* Feature applies to Windows 10 Pro, Windows 10 Pro for Education, Windows 10 Enterprise, and Windows 10 Enterprise for EDU
+
+> **Note**: If your school uses Active Directory, use Windows Imaging and Configuration Designer to configure your PCs to join the domain. You can only use the **Set up School PCs** app to set up PCs that are not connected to your traditional domain.
+
+## Prerequisites for IT
+
+* If your school uses Azure AD, [configure your directory to allow devices to join](https://azure.microsoft.com/en-us/documentation/articles/active-directory-azureadjoin-setup/).  If the teacher is going to set up a lot of devices, give the teacher appropriate privileges for joining devices or make a special account.
+* Office 365, which includes online versions of Office apps plus 1 TB online storage and [Microsoft Classroom](https://classroom.microsoft.com/), is free for teachers and students. [Sign up your school for Office 365 Education.](https://products.office.com/en-us/academic/office-365-education-plan)
+* If your school has an Office 365 Education subscription, it includes a free Azure AD subscription. [Register your free Azure AD subscription.](https://msdn.microsoft.com/en-us/library/windows/hardware/mt703369%28v=vs.85%29.aspx)
+* After you set up your Office 365 Education tenant, use [Microsoft School Data Sync Preview](https://sis.microsoft.com/) to sync user profiles and class rosters from your Student Information System (SIS).
+
+
+## Information about Windows Update
+
+Shared PC mode helps ensure that computers are always up-to-date. If a PC is configured using the **Set up School PCs** app, shared PC mode sets the power states and Windows Update to: 
+* Wake nightly
+* Check and install updates
+* Forcibly reboot if necessary to finish applying updates
+
+The PC is also configured to not interrupt the user during normal daytime hours with updates or reboots.
+
+## Guidance for accounts on shared PCs
+
+* We recommend no local admin accounts on the PC to improve the reliability and security of the PC.
+* When a PC is set up in shared PC mode, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account managment happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Start without an account** will also be deleted automatically at sign out.
+* On a Windows PC joined to Azure Active Directory:
+    * By default, the account that joined the PC to Azure AD will have an admin account on that PC. Global administrators for the Azure AD domain will also have admin accounts on the PC.
+    * With Azure AD Premium, you can specify which accounts have admin accounts on a PC using the **Additional administrators on Azure AD Joined devices** setting on the Azure portal.
+* Local accounts that already exist on a PC won’t be deleted when turning on shared PC mode. However, any new local accounts created by the **Start without an account** selection on the sign-in screen (if enabled) will automatically be deleted at sign-out.
+* If admin accounts are necessary on the PC
+    * Ensure the PC is joined to a domain that enables accounts to be signed on as admin, or
+    * Create admin accounts before setting up shared PC mode, or 
+    * Create exempt accounts before signing out.
+* The account management service supports accounts that are exempt from deletion.
+    * An account can be marked exempt from deletion by adding the account SID to the `HKEY_LOCAL_MACHINE\SOFTARE\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\` registry key.
+    * To add the account SID to the registry key using PowerShell:
+        ```
+        $adminName = "LocalAdmin"
+        $adminPass = 'Pa$$word123'
+        iex "net user /add $adminName $adminPass"
+        $user = New-Object System.Security.Principal.NTAccount($adminName) 
+        $sid = $user.Translate([System.Security.Principal.SecurityIdentifier]) 
+        $sid = $sid.Value;
+        New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\$sid" -Force
+        ``` 
+
+
+## Custom images
+Shared PC mode is fully compatible with custom images that may be created by IT departments. Create a custom image and then use sysprep with the `/oobe` flag to create an image that teachers can then apply the **Set up School PCs** provisioning package to. [Learn more about sysprep](https://technet.microsoft.com/en-us/library/cc721940(v=ws.10).aspx).
+
+## Provisioning package details
+
+The **Set up School PCs** app produces a specialized provisioning package that makes use of the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723294%28v=vs.85%29.aspx). 
+
+### Education customizations
+
+- Saving content locally to the PC is disabled. This prevents data loss by forcing students to save to the cloud.
+- A custom Start layout and sign in background image are set.
+- Prohibits Microsoft Accounts (MSAs) from being created.
+- Prohibits unlocking the PC to developer mode.
+- Prohibits untrusted Windows Store apps from being installed.
+- Prohibits students from removing MDM.
+- Prohibits students from adding new provisioning packages.
+- Prohibits student from removing existing provisioning packages (including the one set by **Set up School PCs**).
+- Sets active hours from 6 AM to 6 PM.
+- Sets Windows Update to update nightly.
+
+
+### Uninstalled apps 
+
+- 3D Builder (Microsoft.3DBuilder_8wekyb3d8bbwe)
+- Weather (Microsoft.BingWeather_8wekyb3d8bbwe)
+- Get Started (Microsoft.Getstarted_8wekyb3d8bbwe)
+- Get Office (Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe)
+- Microsoft Solitaire Collection (Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe)
+- Paid Wi-Fi & Cellular (Microsoft.OneConnect_8wekyb3d8bbwe)
+- Feedback Hub (Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe)
+- Xbox (Microsoft.XboxApp_8wekyb3d8bbwe)
+- Groove Music (Microsoft.ZuneMusic_8wekyb3d8bbwe)
+- Movies & TV (Microsoft.ZuneVideo_8wekyb3d8bbwe)
+- Mail/Calendar (microsoft.windowscommunicationsapps_8wekyb3d8bbwe)
+
+### Local Group Policies
+
+> **Important**: It is not recommended to set additional policies on PCs configured with the **Set up School PCs** app.	The shared PC mode has been optimized to be fast and reliable over time with minimal to no manual maintenance required.
+
+<table border="1"> 
+<thead><tr><th colspan="2"><p>Policy path</p></th></tr>
+<tr><th><p>Policy name</p></th><th><p>Value</p></th> 
+</tr> </thead>
+<tbody>
+<tr><td colspan="2"><p><strong>Admin Templates</strong> > <strong>Control Panel</strong> > <strong>Personalization</strong></p></td> 
+</tr> 
+<tr><td><p>Prevent enabling lock screen slide show</p></td><td><p>Enabled</p></td>
+</tr> 
+<tr><td><p>Prevent changing lock screen and logon image</p></td><td><p>Enabled</p></td>
+</tr> 
+<tr><td colspan="2"><p><strong>Admin Templates</strong> > <strong>System</strong> > <strong>Power Management</strong> > <strong>Button Settings</strong></p></td> 
+</tr> 
+<tr><td><p>Select the Power button action (plugged in)</p></td><td><p>Sleep</p></td> 
+</tr> 
+<tr><td><p>Select the Power button action (on battery)</p></td><td><p>Sleep</p></td> 
+</tr> 
+<tr><td><p>Select the Sleep button action (plugged in)</p></td><td><p>Sleep</p></td> 
+</tr> 
+<tr><td><p>Select the lid switch action (plugged in)</p></td><td><p>Sleep</p></td>
+</tr> 
+<tr><td><p>Select the lid switch action (on battery)</p></td><td><p>Sleep</p></td>
+</tr> 
+<tr><td colspan="2"><p><strong>Admin Templates</strong> > <strong>System</strong> > <strong>Power Management</strong> > <strong>Sleep Settings</strong></p></td> 
+</tr> 
+<tr><td><p>Require a password when a computer wakes (plugged in)</p></td><td><p>Enabled</p></td>
+</tr> 
+<tr><td><p>Require a password when a computer wakes (on battery)</p></td><td><p>Enabled</p></td>
+</tr>
+<tr><td><p>Specify the system sleep timeout (plugged in)</p></td><td><p>1 hour</p></td>
+</tr> 
+<tr><td><p>Specify the system sleep timeout (on battery)</p></td><td><p>1 hour</p></td>
+</tr> 
+<tr> <td> <p> Turn off hybrid sleep (plugged in) </p> </td> <td> <p> Enabled </p> </td>  
+</tr> 
+<tr> <td> <p> Turn off hybrid sleep (on battery) </p> </td> <td> <p> Enabled </p> </td>  
+</tr> 
+<tr> <td> <p> Specify the unattended sleep timeout (plugged in) </p> </td> <td> <p> 1 hour </p> </td>  
+</tr> 
+<tr> <td> <p> Specify the unattended sleep timeout (on battery) </p> </td> <td> <p> 1 hour </p> </td> 
+</tr> 
+<tr> <td> <p> Allow standby states (S1-S3) when sleeping (plugged in) </p> </td> <td> <p> Enabled </p> </td>  
+</tr> 
+<tr> <td> <p> Allow standby states (S1-S3) when sleeping (on battery) </p> </td> <td> <p> Enabled </p> </td> 
+</tr> 
+<tr> <td> <p> Specify the system hibernate timeout (plugged in) </p> </td> <td> <p> Enabled, 0 </p> </td> 
+</tr> 
+<tr> <td> <p> Specify the system hibernate timeout (on battery) </p> </td> <td> <p> Enabled, 0 </p> </td> 
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>  >  <strong>System</strong>  >  <strong>Power Management</strong>  >  <strong>Video and Display Settings</strong> </p> </td> </tr> 
+<tr> <td> <p> Turn off the display (plugged in) </p> </td> <td> <p> 1 hour </p> </td> 
+</tr>
+ <tr> <td> <p> Turn off the display (on battery </p> </td> <td> <p> 1 hour </p> </td>  
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>  >  <strong>System</strong>  >  <strong>Logon</strong> </p> </td> 
+</tr> 
+<tr> <td> <p> Show first sign-in animation </p> </td> <td> <p> Disabled </p> </td>  
+</tr> 
+<tr> <td> <p> Hide entry points for Fast User Switching </p> </td> <td> <p> Enabled </p> </td> 
+</tr> 
+<tr> <td> <p> Turn on convenience PIN sign-in </p> </td> <td> <p> Disabled </p> </td>  
+</tr> 
+<tr> <td> <p> Turn off picture password sign-in </p> </td> <td> <p> Enabled </p> </td>  
+</tr> 
+<tr> <td> <p> Turn off app notification on the lock screen </p> </td> <td> <p> Enabled </p> </td>  
+</tr> 
+<tr> <td> <p> Allow users to select when a password is required when resuming from connected standby </p> </td> <td> <p> Disabled </p> </td> 
+</tr> 
+<tr> <td> <p> Block user from showing account details on sign-in </p> </td> <td> <p> Enabled </p> </td>  
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>  >  <strong>System</strong>  >  <strong>User Profiles</strong> </p> </td> 
+</tr> 
+<tr> <td> <p> Turn off the advertising ID </p> </td> <td> <p> Enabled </p> </td>  
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>  >  <strong>Windows Components </strong> </p> </td> 
+</tr> 
+<tr> <td> <p> Do not show Windows Tips </p> </td> <td> <p> Enabled </p> </td> 
+</tr> 
+<tr> <td> <p> Turn off Microsoft consumer experiences </p> </td> <td> <p> Enabled </p> </td> 
+</tr> 
+<tr> <td> <p> Microsoft Passport for Work </p> </td> <td> <p> Disabled </p> </td>  
+</tr> 
+<tr> <td> <p> Prevent the usage of OneDrive for file storage </p> </td> <td> <p> Enabled </p> </td>  
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>  >  <strong>Windows Components</strong>  >  <strong>Biometrics</strong> </p> </td> 
+</tr> 
+<tr> <td> <p> Allow the use of biometrics </p> </td> <td> <p> Disabled </p> </td>  
+</tr> 
+<tr> <td> <p> Allow users to log on using biometrics </p> </td> <td> <p> Disabled </p> </td> 
+</tr> 
+<tr> <td> <p> Allow domain users to log on using biometrics </p> </td> <td> <p> Disabled </p> </td> 
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>  >  <strong>Windows Components</strong>  >  <strong>Data Collection and Preview Builds</strong> </p> </td> 
+</tr> 
+<tr> <td> <p> Toggle user control over Insider builds </p> </td> <td> <p> Disabled </p> </td>  
+</tr> 
+<tr> <td> <p> Disable pre-release features or settings </p> </td> <td> <p> Disabled </p> </td> 
+</tr> 
+<tr> <td> <p> Do not show feedback notifications </p> </td> <td> <p> Enabled </p> </td> 
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>  >  <strong>Windows Components</strong>  >  <strong>File Explorer</strong> </p> </td> 
+</tr> 
+<tr> <td> <p> Show lock in the user tile menu </p> </td> <td> <p> Disabled </p> </td>  
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>  >  <strong>Windows Components</strong>  >  <strong>Maintenance Scheduler</strong> </p> </td> 
+</tr> 
+<tr> <td> <p> Automatic Maintenance Activation Boundary </p> </td> <td> <p> 12am </p> </td>  
+</tr> 
+<tr> <td> <p> Automatic Maintenance Random Delay </p> </td> <td> <p> Enabled, 2 hours </p> </td> 
+</tr> 
+<tr> <td> <p> Automatic Maintenance WakeUp Policy </p> </td> <td> <p> Enabled </p> </td> 
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>  >  <strong>Windows Components</strong>  >  <strong>Microsoft Edge</strong> </p> </td> 
+</tr> 
+<tr> <td> <p> Open a new tab with an empty tab </p> </td> <td> <p> Disabled </p> </td> 
+</tr> 
+<tr> <td> <p> Configure corporate home pages </p> </td> <td> <p> Enabled, about:blank </p> </td> 
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>  >  <strong>Windows Components</strong>  >  <strong>Search</strong> </p> </td> 
+</tr> 
+<tr> <td> <p> Allow Cortana </p> </td> <td> <p> Disabled </p> </td> 
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Windows Settings</strong>  >  <strong>Security Settings</strong>  >  <strong>Local Policies</strong>  >  <strong>Security Options</strong> </p> </td> 
+</tr> 
+<tr> <td> <p> Interactive logon: Do not display last user name </p> </td> <td> <p> Enabled </p>   </td>
+</tr> 
+<tr> <td> <p> Interactive logon: Sign-in last interactive user automatically after a system-initiated restart </p> </td> <td> <p> Disabled </p> </td> 
+</tr> 
+<tr> <td> <p> Shutdown: Allow system to be shut down without having to log on </p> </td> <td> <p> Disabled </p> </td> 
+</tr> 
+<tr> <td> <p> User Account Control: Behavior of the elevation prompt for standard users </p> </td> <td> <p> Auto deny </p> </td>  
+</tr> 
+</tbody>
+</table> </br></br>
+
+## Related topics
+
+[Use Set up School PCs app](use-set-up-school-pcs-app.md)
+
+
+
+
--- a/education/windows/take-a-test-app-technical.md
+++ b/education/windows/take-a-test-app-technical.md
@ -0,0 +1,82 @@
+---
+title: Take a Test app technical reference
+description: The policies and settings applied by the Take a Test app.
+keywords: ["shared cart", "shared PC", "school"]
+ms.prod: W10
+ms.mktglfcycl: plan
+ms.sitesec: library
+author: jdeckerMS
+---
+
+# Take a Test app technical reference (Preview)
+**Applies to:**
+
+-   Windows 10 Insider Preview 
+
+
+> <span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. ]</span>
+
+Take a Test is an app that locks down the PC and displays an online assessment web page.   
+
+Whether you are a teacher or IT administrator, you can easily configure Take a Test to meet your testing needs. For high-stakes tests, the app creates a browser-based, locked-down environment for more secure online assessments. This means that students taking the tests that don’t have copy/paste privileges, can’t access to files and applications, and are free from distractions. For simple tests and quizzes, Take a Test can be configured to use the teacher’s preferred assessment website to deliver digital assessments
+
+Assessment vendors can use Take a Test as a platform to lock down the operating system. Take a Test supports the [SBAC browser API standard](http://www.smarterapp.org/documents/SecureBrowserRequirementsSpecifications_0-3.pdf) for high stakes common core testing. (Link to Javascript API when available)
+
+## PC lockdown for assessment
+
+ When the assessment page initiates lock down, the student’s desktop will be locked and the app will be launched above the Windows lock screen to provide a sandbox that ensures the student can only interact with the Take a Test app . After transitioning to the lock screen, Take a Test will apply local MDM policies to further lock down the device. The whole process of going above the lock screen and applying policies is what defines lockdown. The lockdown process is atomic, which means that if any part of the lockdown operation fails, the app will not be above lock and won't have any of the policies applied.  
+
+When running above the lock screen:
+- The app runs full screen with no chrome 
+
+- The hardware print screen button is disabled 
+
+- Content within the app will show up as black in screen capturing/sharing software Copy/paste is disabled 
+
+- Web apps can query the processes currently running in the user’s device
+
+- Extended display shows up as black 
+
+- Auto-fill is disabled
+
+## Mobile device management (MDM) policies
+
+When Take a Test is running, the following MDM policies are applied to lock down the PC.
+
+| Policy | Description | Value |
+|---|---|---|
+| AllowToasts | Disables toast notifications from being shown | 0 |
+| AllowAppStoreAutoUpdate | Disables automatic updates for Windows Store apps that are installed on the PC | 0 |
+| AllowDeviceDiscovery | Disables UI for screen sharing | 0 |
+| AllowInput Panel | Disables the onscreen keyboard which will disable auto-fill | 0 |
+| AllowCortana | Disables Cortana functionality | 0 |
+| AllowAutoupdate | Disables Windows Update from starting OS updates | 5 |
+
+## Allowed functionality
+
+When Take a Test is running, the following functionality is available to students:
+
+- Assistive technology that is configured to run above the lock screen should run as expected 
+
+- Narrator is available through Windows key + Enter 
+
+- Magnifier is available through Windows key + "+" key 
+
+    - Full screen mode is compatible  
+
+- The student can press Alt+Tab when locked down. This results in the student being able to switch between the following:
+
+    - Take a Test 
+    - Assistive technology that may be running 
+    - Lock Screen (not available if student is using a dedicated test account)
+    > **Note** The app will exit if the student signs in to an account from the lock screen. Progress made in the test may be lost or invalidated. 
+
+- The student can exit the test by pressing one of the following key combinations: 
+
+    - Ctrl+Alt+Del 
+
+    - Alt+F4 (**Take a Test** will restart if the student is using a dedicated test account)
+
+
+
+
--- a/education/windows/take-a-test-multiple-pcs.md
+++ b/education/windows/take-a-test-multiple-pcs.md
@ -0,0 +1,215 @@
+---
+title: Set up Take a Test on multiple PCs
+description: Learn how to set up and use the Take a Test app on multiple PCs.
+keywords: ["shared cart", "shared PC", "school"]
+ms.prod: W10
+ms.mktglfcycl: plan
+ms.sitesec: library
+author: jdeckerMS
+---
+
+# Set up Take a Test on multiple PCs (Preview)
+**Applies to:**
+
+-   Windows 10 Insider Preview  
+
+
+> <span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. ]</span>
+
+Many schools use online testing for formative and summative assessments. It's critical that students use a secure browser that prevents them from using other computer or Internet resources during the test. The **Take a Test** app in Windows 10, Version 1607, creates the right environment for taking a test:
+
+- A Microsoft Edge browser window opens, showing just the test and nothing else.
+- Students aren’t able to go to other websites.
+- Students can’t open or access other apps.
+- Students can't share, print, or record their screens.
+- Students can’t copy or paste.
+- Students can’t change settings, extend their display, see notifications, get updates, or use autofill features.
+- Cortana is turned off.
+
+
+**Take a Test** is included in Windows 10 Education. To add **Take a Test** to other editions of Windows 10, see [Add the Take a Test app to Windows 10](take-tests-in-windows-10.md#add-the-take-a-test-app-to-windows-10)
+
+## How you use Take a Test
+
+![Use test account or test url in Take a Test](images/take-a-test-flow.png)
+
+- **Use a test URL and a [dedicated testing account](#set-up-a-dedicated-test-account)** - A user signs in to the account and the **Take a Test** app automatically launches the pre-configured assessment URL in Microsoft Edge in a single-app, kiosk mode. A student will never have access to the desktop in this configuration. We recommend this configuration for high stakes testing.
+- **[Put a test URL with an included prefix](#provide-link-to-test) on a web page or OneNote for students to click** - This allows teachers and test administrators an easier way to deploy assessments. We recommend this method for lower stakes assessments.
+
+## Set up a dedicated test account
+
+To configure a dedicated test account on multiple PCs, you can use:
+- [Mobile device management (MDM) or Microsoft System Center Configuration Manager](#set-up-test-account-in-mdm-or-configuration-manager)
+- [A provisioning package](#set-up-test-account-in-a-provisioning-package) created in Windows Imaging and Configuration Designer (ICD)
+- [Group Policy](#set-up-test-account-in-group-policy) to deploy a scheduled task that runs a Powershell script
+    
+
+### Set up test account in MDM or Configuration Manager
+
+1. Launch your management console.
+2. Create a policy to set up single app kiosk mode, using the following values:
+
+    - **Custom OMA-DM URI** = ./Vendor/MSFT/AssignedAccess/KioskModeApp
+    - **String value** = {"Account":"*redmond\\kioskuser*","AUMID":” Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App "}
+
+    > Account can be in one of the following formats:
+    > - username
+    > - domain\username
+    > - computer name\\username
+    > - username@tenant.com
+
+3. Create a policy to configure the assessment URL, using the following values:
+
+    - **Custom OMA-DM URI** = ./Vendor/MSFT/SecureAssessment/LaunchURI
+    - **String value** = *assessment URL*
+    > See [Assessment URLs](#assessment-urls)
+    
+4. Create a policy that associates the assessment URL to the account, using the following values:
+
+    - **Custom OMA-DM URI** = ./Vendor/MSFT/SecureAssessment/TesterAccount
+    - **String value** = Enter the account that you created in step 2, using the same account format.
+    
+5. To take the test, the student signs in to the test account.
+
+### Set up test account in a provisioning package
+
+Prerequisite: You must first [download the Windows ADK](https://msdn.microsoft.com/en-us/windows/hardware/dn913721.aspx) for Windows 10, Version 1607, and  install Windows Imaging and Configuration Designer (ICD).
+
+**Create a provisioning package to set up a test account
+
+1. Open Windows ICD (by default, %windir%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe). 
+2. Select **Advanced provisioning**.
+3. Name your project, and click **Next**.
+4. Select **All Windows desktop editions**, and click **Next**.
+5. Click **Finish**.
+6. Go to **Runtime settings** > **AssignedAccess** > **AssignedAccessSettings**. 
+7. Enter **{"Account":"*redmond\\kioskuser*","AUMID":” Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App "}**, using the account that you want to set up, as shown in the following image.
+
+    ![Enter account and app for Assigned Access Settings](images/test-account-icd.png)
+    > Account can be in one of the following formats:
+    > - username
+    > - domain\username
+    > - computer name\\username
+    > - username@tenant.com
+    
+8. Go to **Runtime settings** > **TakeATest**.
+9. Enter the test URL in **LaunchURI**.
+10. Enter the test account from step 7 in **TesterAccount**.
+On the **File** menu, select **Save.**
+
+9.  On the **Export** menu, select **Provisioning package**.
+
+10. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
+
+11. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing.
+
+    -   **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen.
+
+    -   **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select** and choosing the certificate you want to use to sign the package.
+
+12. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows ICD uses the project folder as the output location.
+
+    Optionally, you can click **Browse** to change the default output location.
+
+13. Click **Next**.
+
+14. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.
+
+    If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**.
+
+15. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
+
+    If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
+
+    -   If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
+    -   If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. 
+
+ **Apply the provisioning package**
+ 
+ 1.  Select the provisioning package that you want to apply, double-click the file, and then allow admin privileges.
+
+2.  Consent to allow the package to be installed.
+
+    After you allow the package to be installed, the settings will be applied to the device
+
+[Learn how to apply a provisioning package in audit mode or OOBE.](http://go.microsoft.com/fwlink/p/?LinkID=692012)
+
+### Set up test account in Group Policy
+
+To set up a test account using Group Policy, first create a Powershell script that configures the test account and test URL, and then create a scheduled task to run the script.
+
+#### Create a Powershell script
+
+This sample Powershell script configures the test account and the test URL. Edit the sample to: 
+- Use your test account for **$obj.LaunchURI**  
+- Use your test URL for **$obj.TesterAccount**
+- Use your test account for **-UserName** 
+
+```
+$obj = get-wmiobject -namespace root/cimv2/mdm/dmmap -class MDM_SecureAssessment -filter "InstanceID='SecureAssessment' AND ParentID='./Vendor/MSFT'"; 
+$obj.LaunchURI='http://www.foo.com'; 
+$obj.TesterAccount='TestAccount'; 
+$obj.put()
+Set-AssignedAccess -AppUserModelId Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App -UserName TestAccount
+```
+
+
+#### Create a scheduled task in Group Policy
+
+1. Open the Group Policy Management Console. 
+2. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click **Edit**.
+3. In the console tree under **Computer Configuration** or **User Configuration**, go to **Preferences** > **Control Panel Settings**.
+4. Right-click **Scheduled Tasks**, point to **New**, and select **Scheduled Task**.
+5. In the **New Scheduled Task Properties** dialog box, click **Change User or Group**.
+6. In the **Select User or Group** dialog box, click **Advanced**.
+7. In the **Advanced** dialog box, click **Find Now**.
+8. Select **System** in the search results
+9. Go back to the **Properties** dialog box and select **Run with highest privileges** under **Security options**.
+9. Specify the operating system in the **Configure for** field.
+9. Navigate to the **Actions** tab.
+9. Create a new **Action**.
+9. Configure the action to **Start a program**.
+9. In the **Program/script** field, enter **powershell**.
+9. In the **Add arguments** field, enter **-file “<path to powershell script>”**.
+9. Click **OK**.
+9. Navigate to the **Triggers** tab and create a new trigger.
+9. Specify the trigger to be **On a schedule**.
+9. Specify the trigger to be **One time**.
+9. Specify the time the trigger should start.
+9. Click **OK**.
+9. In the **Settings** tab, select **Run task as soon as possible after a scheduled start is missed**.
+9. Click **OK**.
+
+
+
+## Provide link to test
+
+Anything hosted on the web can be presented in a locked down manner, not just assessments. To lock down online content, just embed a URL with a specific prefix and devices will be locked down when users follow the link. We recommend using this method for lower stakes assessments. 
+
+1. Create a link to the test URL. Use **ms-edu-secureassessment:** before the URL and **!enforceLockdown** after the URL.
+``` 
+ms-edu-secureassessment:<URL>!enforceLockdown
+ ```
+ > **Note**:   You may want to remove !enforceLockdown for tests that utilizes our lockdown API that checks for running processes before locking down. Removing !enforceLockdown will result in the app not locking down immediately which allows you to close apps that are not allowed to run during lockdown. The test web application may lock down the device once you have closed the apps. 
+
+2. Distribute the link. You can use the web, email, OneNote, or any other method of your choosing.
+3. To take the test, the student clicks on the link and provides user consent.
+
+
+
+## Assessment URLs
+
+This assessment URL uses our lockdown API:
+
+- SBAC/AIR:  [http://mobile.tds.airast.org/launchpad/](http://mobile.tds.airast.org/launchpad/).
+
+
+## Related topics
+
+[Take tests in Windows 10](take-tests-in-windows-10.md)
+
+[Set up Take a Test on a single PC](take-a-test-single-pc.md)
+
+[Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md)
+
+[Take a Test app technical reference](take-a-test-app-technical.md)
--- a/education/windows/take-a-test-single-pc.md
+++ b/education/windows/take-a-test-single-pc.md
@ -0,0 +1,85 @@
+---
+title: Set up Take a Test on a single PC
+description: Learn how to set up and use the Take a Test app on a single PC.
+keywords: ["shared cart", "shared PC", "school"]
+ms.prod: W10
+ms.mktglfcycl: plan
+ms.sitesec: library
+author: jdeckerMS
+---
+
+# Set up Take a Test on a single PC (Preview)
+**Applies to:**
+
+-   Windows 10 Insider Preview  
+
+
+> <span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. ]</span>
+
+The **Take a Test** app in Windows 10, Version 1607, creates the right environment for taking a test:
+
+- A Microsoft Edge browser window opens, showing just the test and nothing else.
+- Students aren’t able to go to other websites.
+- Students can’t open or access other apps.
+- Students can't share, print, or record their screens.
+- Students can’t copy or paste.
+- Students can’t change settings, extend their display, see notifications, get updates, or use autofill features.
+- Cortana is turned off.
+
+> **Tip!**
+> To exit **Take a Test**, press Ctrl+Alt+Delete. 
+
+**Take a Test** is included in Windows 10 Education. To add **Take a Test** to other editions of Windows 10, see [Add the Take a Test app to Windows 10](take-tests-in-windows-10.md#add-the-take-a-test-app-to-windows-10)
+
+## How you use Take a Test
+
+![Use test account or test url in Take a Test](images/take-a-test-flow.png)
+
+- **Use a test URL and a [dedicated testing account](#set-up-a-dedicated-test-account)** - A user signs in to the account and the **Take a Test** app automatically launches the pre-configured assessment URL in Microsoft Edge in a single-app, kiosk mode. A student will never have access to the desktop in this configuration. We recommend this configuration for high stakes testing.
+- **[Put a test URL with an included prefix](#provide-link-to-test) on a web page or OneNote for students to click** - This allows teachers and test administrators an easier way to deploy assessments. We recommend this method for lower stakes assessments.
+
+## Set up a dedicated test account
+
+
+    
+
+
+
+1. Sign into the device with an administrator account.
+2. Go to **Settings** > **Accounts** > **Work or school access** (final name needs to be updated, still TBD) > **Set up an account for taking tests**.
+3. Select an account to use as the dedicated testing account.
+    >**Note**: If you don't have an account on the device, you can create a new account. To do this, go to **Settings** > **Accounts** > **Other Users** > **Add someone else to this PC** > **I don’t have this person’s sign-in information** > **Add a user without a Microsoft account**.
+4. Specify an assessment URL.  
+
+5. Click **Save**.
+
+6. To take the test, the student signs in to the selected account.
+
+
+
+
+## Provide link to test
+
+Anything hosted on the web can be presented in a locked down manner, not just assessments. To lock down online content, just embed a URL with a specific prefix and devices will be locked down when users follow the link. We recommend using this method for lower stakes assessments. 
+
+1. Create a link to the test URL. Use **ms-edu-secureassessment:** before the URL and **!enforceLockdown** after the URL.
+``` 
+ms-edu-secureassessment:<URL>!enforceLockdown
+ ```
+
+2. Distribute the link. You can use the web, email, OneNote, or any other method of your choosing.
+3. To take the test, the student clicks on the link and provides user consent.
+
+
+## Related topics
+[Take tests in Windows 10](take-tests-in-windows-10.md)
+
+[Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md)
+
+[Take a Test app technical reference](take-a-test-app-technical.md)
+
+
+
+
+
+
--- a/education/windows/take-tests-in-windows-10.md
+++ b/education/windows/take-tests-in-windows-10.md
@ -0,0 +1,68 @@
+---
+title: Take tests in Windows 10
+description: Learn how to set up and use the Take a Test app.
+keywords: ["shared cart", "shared PC", "school"]
+ms.prod: W10
+ms.mktglfcycl: plan
+ms.sitesec: library
+author: jdeckerMS
+---
+
+# Take tests in Windows 10 (Preview)
+**Applies to:**
+
+-   Windows 10 Insider Preview  
+
+
+> <span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. ]</span>
+
+Many schools use online testing for formative and summative assessments. It's critical that students use a secure browser that prevents them from using other computer or Internet resources during the test. The **Take a Test** app in Windows 10, Version 1607, creates the right environment for taking a test:
+
+- **Take a Test** shows just the test and nothing else.
+- Students aren’t able to go to other websites.
+- Students can’t open or access other apps.
+- Students can't share, print, or record their screens.
+- Students can’t copy or paste.
+- Students can’t change settings, extend their display, see notifications, get updates, or use autofill features.
+- Cortana is turned off.
+
+
+**Take a Test** is included in Windows 10 Education. To add **Take a Test** to other editions of Windows 10, see [Add the Take a Test app to Windows 10](#add-the-take-a-test-app-to-windows-10)
+
+## How you use Take a Test
+
+![Use test account or test url in Take a Test](images/take-a-test-flow.png)
+
+- **Use a test URL and a dedicated testing account** - A user signs in to the account and the **Take a Test** app automatically launches the pre-configured assessment URL in a single-app, kiosk mode. A student will never have access to the desktop in this configuration. We recommend this configuration for high stakes testing.
+- **Put a test URL with an included prefix on a web page or OneNote for students to click** - This allows teachers and test administrators an easier way to deploy assessments. We recommend this method for lower stakes assessments.
+
+[Learn how to set up Take a Test on a single PC](take-a-test-single-pc.md)
+
+[Learn how to set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md)
+
+## Add the Take a Test app to Windows 10
+
+You can add the Take a Test app to Windows 10 Pro and Enterprise.
+
+### Add Take a Test on a single PC
+
+Use **Settings** to get **Take a Test** from Windows Update.
+
+1. Open **Settings**.
+2. Go to **System** > **Apps & features** > **Manage optional features** > **Add a feature**.
+3. Select **Take a Test**.
+
+### Deploy Take a Test to multiple PCs using DISM
+
+You can deploy the Take a Test package through Deployment Image Servicing and Management (DISM.exe).
+
+1. Get the Take a Test package from the [Microsoft update catalog](http://catalog.update.microsoft.com/).
+2. Upload the package to a network share or to your Windows Server Update Services (WSUS) server.
+3. Create and deploy a DISM script to add the package to offline or online images. For more information on how to add or enable features through DISM, see [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/dism-operating-system-package-servicing-command-line-options).
+
+## Related topics
+
+[Take a Test app technical reference](take-a-test-app-technical.md)
+
+
+
--- a/education/windows/use-set-up-school-pcs-app.md
+++ b/education/windows/use-set-up-school-pcs-app.md
@ -0,0 +1,142 @@
+---
+title: Use Set up School PCs app
+description: Learn how the Set up School PCs app works and how to use it.
+keywords: ["shared cart", "shared PC", "school"]
+ms.prod: W10
+ms.mktglfcycl: plan
+ms.sitesec: library
+author: jdeckerMS
+---
+
+# Use the Set up School PCs app (Preview)
+**Applies to:**
+
+-   Windows 10 Insider Preview  
+
+
+> <span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. ]</span>
+
+Teachers and IT administrators can use the **Set up School PCs** app to quickly set up computers for students. A computer set up using the app is tailored to provide students with the tools they need for learning while removing apps and features that they don't need.
+
+![Run app, turn on PC, insert USB key](images/app1.jpg)
+
+## What does this app do?
+
+The Set up School PCs app helps you set up new computers running Windows 10, version 1607. Some benefits of using this app to set up your students' PCs:
+* A computer set up this way is tailored to provide students with the tools they need for learning while removing apps and features that they don't need. 
+    * Places tiles for OneNote, Office 365 web apps, Sway, and Microsoft Classroom on the Start menu
+    * Installs OneDrive for cloud-based documents and places it on the Start menu and taskbar 
+    * Sets Microsoft Edge as the default browser
+    * Uninstalls apps not specific to education, such as Solitaire and Sports
+    * Turns off Offers and tips
+    * Prevents students from adding personal Microsoft accounts to the computer
+* Significantly improves how fast students sign-in.
+* The app connects the PCs to your school’s cloud so IT can manage them (optional).
+* Windows 10 automatically manages accounts no matter how many students use the PC.
+* Keeps computers up-to-date without interfering with class time using Windows Update and maintenance hours (by default, 12 AM).
+* Customizes the sign-in screen to support students with IDs and temporary users.
+* Locks down the computer to prevent mischievous activity:
+    * Prevents students from installing apps
+    * Prevents students from removing the computer from the school's device management system
+    * Prevents students from removing the Set up School PCs settings
+
+
+## Tips for success
+
+* **Run the app at work**: For the best results, run the **Set up School PCs** app on your work device connected to your school's network. That way the app can gather accurate information about your wireless networks and cloud subscriptions.
+    > **Note**: Don't use **Set up Schools PCs** app for PCs that must connect to enterprise networks or to open wi-fi networks that require the user to accept Terms of Use.
+* **Apply to new computers**: The setup file that the **Set up School PCs** app creates should be used on new computers that haven't been set up for accounts yet. If you apply the setup file to a computer that has already been set up, existing accounts and data might be lost.
+> **Warning**: Only use the setup file on computers that you want to configure and lock down for students. After you apply the setup file to a computer, the computer must be reset to remove the settings.
+* **Turn on student PCs and stay on first screen**: The computer must be on this screen when you insert the USB key.
+
+![The first screen to set up a new PC](images/oobe.jpg)
+
+If you have gone past this screen, you may have to reset your PC to start over.  To reset your PC after you have completed the first run experience, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
+* **Use more than one USB key**: If you are setting up multiple PCs, you can set them up at the same time.  Just run the **Set up School PCs** app again and save the same settings to another key. That way you can run set up on more than one PC at once.  Create three keys and you can run it on three PCs at once, etc. 
+* **Start fresh**: If the PC has already been set up and you want to return to the first-run-experience to apply a new package, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
+* **Keep it clean**:  We strongly recommend that IT avoid changes to policies unless absolutely necessary, as any changes can impair performance and sign-in time. Get more information at [Set up School PCs app technical reference](set-up-school-pcs-technical.md).
+
+## Set up School PCs app step-by-step
+
+What you need:
+
+- The **Set up School PCs** app, installed on your work computer, connected to your school's network
+- A USB drive, 1 GB or larger
+
+### Create the setup file in the app
+
+The **Set up School PCs** app guides you through the configuration choices for the student PCs.
+
+1. Open the **Set up School PCs** app and select **Start**.
+
+    ![select start](images/app1.jpg)
+    
+2. Choose **No** to require students to sign in only with an account, or choose **Yes** to allow students to use the PC without an account too, and then select **Next**.
+
+    ![account required?](images/setup-app-1-access.png)
+
+3. Choose a Wi-Fi network from the list and then select **Next**, or choose **Manually connect to a wireless network** to enter the network information yourself.
+
+    ![choose network](images/setup-app-1-wifi.png)
+
+    - For a manual network connection, enter the network name, security type, and password (if required), and then select **Next**.
+        
+        ![enter network information](images/setup-app-1-wifi-manual.png)
+    
+4. Insert a USB drive, select it in the app, and then select **Save**.
+
+    ![select usb drive](images/setup-app-1-usb.png)
+
+
+
+### Apply the setup file to PCs
+
+The setup file on your USB drive is named `SetupSchoolPCs.ppkg`, which is a provisioning package. A provisioning package is a method for applying settings to Windows 10. When Windows 10 refers to *package*, it means your setup file, and when it refers to *provisioning*, it means applying the setup file to the computer.
+
+1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
+
+    ![The first screen to set up a new PC](images/oobe.jpg)
+
+2. Insert the USB drive. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**.
+
+    ![Set up device?](images/setupmsg.jpg)
+
+3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**.
+
+    ![Provision this device](images/prov.jpg)
+    
+4. Select `SetupSchoolPCs.ppkg` and tap **Next**.
+
+    ![Choose a package](images/choose-package.png)
+
+5. Select **Yes, add it**.
+
+    ![Do you trust this package?](images/trust-package.png)
+    
+6. Read and accept the Microsoft Software License Terms.  
+
+    ![Sign in](images/license-terms.png)
+    
+7. Select **Use Express settings**.
+
+    ![Get going fast](images/express-settings.png)
+
+8. If the PC doesn't use a volume license, you'll see the **Who owns this PC?** screen. Select **My work or school owns it** and tap **Next**.
+
+    ![Who owns this PC?](images/who-owns-pc.png)
+
+9. On the **Choose how you'll connect** screen, select **Join Azure AD** and tap **Next**.
+
+    ![Connect to Azure AD](images/connect-aad.png)
+
+10. Your last step is to sign in. Use your Azure AD or Office 365 account and password. When you see the progress ring, you can remove the USB drive.
+
+    ![Sign in](images/sign-in-prov.png)
+
+    
+That's it! Sign out and the computer is now ready for students.
+
+## Learn more
+
+See [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md) for prerequisites and provisioning details. 
+
--- a/windows/deploy/activate-forest-by-proxy-vamt.md
+++ b/windows/deploy/activate-forest-by-proxy-vamt.md
@ -2,13 +2,15 @@
 title: Activate by Proxy an Active Directory Forest (Windows 10)
 description: Activate by Proxy an Active Directory Forest
 ms.assetid: 6475fc87-a6f7-4fa8-b0aa-de19f2dea7e5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: activation
 author: jdeckerMS
 ---

 # Activate by Proxy an Active Directory Forest
+
 You can use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate by proxy an Active Directory (AD) forest for an isolated workgroup that does not have Internet access. ADBA enables certain volume products to inherit activation from the domain.

 **Important**  
@ -20,47 +22,30 @@ In a typical proxy-activation scenario, the VAMT host computer distributes a pro
 For workgroups that are isolated from any larger network, you can still perform an AD forest activation. This requires installing a second instance of VAMT on a computer in the isolated group and using removable media to transfer activation data between that computer and another VAMT host computer that has Internet access. You can also activate by proxy a KMS Host key (CSVLK) in the core network if you do not want the host computer to connect to Microsoft over the Internet.

 ## Requirements
+
 Before performing proxy activation, ensure that the network and the VAMT installation meet the following requirements:
 - There is an instance of VAMT that is installed on a computer that has Internet access. If you are performing proxy activation for an isolated workgroup, you must also have VAMT installed on one of the computers in the workgroup.
-
 - VAMT has administrative permissions to the Active Directory domain.

 **To perform an Active Directory forest proxy activation**

 1.  Open VAMT.
-
 2.  In the left-side pane, click the **Active Directory-Based Activation** node.
-
 3.  In the right-side **Actions** pane, click **Proxy activate forest** to open the **Install Product Key** dialog box.
-
 4.  In the **Install Product Key** dialog box, select the KMS Host key (CSVLK) that you want to activate.
-
-5.  If you want to rename the ADBA object, enter a new Active Directory-Based Activation Object name.
-
-    **Important**  
-    If you want to rename the ADBA object, you must do it now. After you click **Install Key**, the name cannot be changed.
-
+5.  If you want to rename the ADBA object, enter a new Active Directory-Based Activation Object name. If you want to rename the ADBA object, you must do it now. After you click **Install Key**, the name cannot be changed.
 6.  Enter the name of the file where you want to save the offline installation ID, or browse to the file location and then click **Open**. If you are activating an AD forest in an isolated workgroup, save the .cilx file to a removable media device.
-
-7.  Click **Install Key**.
-
-    VAMT displays the **Activating Active Directory** dialog box until it completes the requested action. The activated object and the date that it was created appear in the **Active Directory-Based Activation** node in the center pane.
-
+7.  Click **Install Key**. VAMT displays the **Activating Active Directory** dialog box until it completes the requested action. The activated object and the date that it was created appear in the **Active Directory-Based Activation** node in the center pane.
 9.  Insert the removable media into the VAMT host that has Internet access. Make sure that you are on the root node, and that the **Volume Activation Management Tool** view is displayed in the center pane.
-
 10. In the right-side **Actions** pane, click **Acquire confirmation IDs for CILX** to open the **Acquire confirmation IDs for file** dialog box.
-
 11. In the **Acquire confirmation IDs for file** dialog box, browse to where the .cilx file you exported from the isolated workgroup host computer is located. Select the file, and then click **Open**. VAMT displays an **Acquiring Confirmation IDs** message while it contacts Microsoft and acquires the CIDs.
-
 12. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows how many confirmation IDs were successfully acquired, and the name of the file to which the IDs were saved. Click **OK** to close the message.
-
 13. Remove the storage device that contains the .cilx file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated workgroup.
-
 14. Open VAMT and then click the **Active Directory-Based Activation** node in the left-side pane.
-
 15. In the right-side **Actions** pane, click **Apply confirmation ID to Active Directory domain**, browse to the .cilx file and then click **Open**.

 VAMT displays the **Activating Active Directory** dialog box until it completes the requested action. The activated object and the date that it was created appear in the **Active Directory-Based Activation** node in the center pane.

 ## Related topics
+
 - [Add and Remove Computers](add-remove-computers-vamt.md)
--- a/windows/deploy/activate-forest-vamt.md
+++ b/windows/deploy/activate-forest-vamt.md
@ -2,49 +2,44 @@
 title: Activate an Active Directory Forest Online (Windows 10)
 description: Activate an Active Directory Forest Online
 ms.assetid: 9b5bc193-799b-4aa5-9d3e-0e495f7195d3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: activation
 author: jdeckerMS
 ---

 # Activate an Active Directory Forest Online
+
 You can use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate an Active Directory (AD) forest over the Internet. ADBA enables certain products to inherit activation from the domain.

 **Important**  
 ADBA is only applicable to Generic Volume License Keys (GVLKs) and KMS Host keys (CSVLKs). To use ADBA, one or more KMS Host keys (CSVLKs) must be installed on the AD forest, and client keys (GVLKs) must be installed on the client products.

 ## Requirements
+
 Before performing online activation, ensure that the network and the VAMT installation meet the following requirements:
-
 -   VAMT is installed on a host computer that has Internet access.
-
 -   VAMT has administrative permissions to the Active Directory domain.
-
 -   The KMS Host key (CSVLK) you intend to use is added to VAMT in the **Product Keys** node.

-
 **To perform an online Active Directory forest activation**

 1.  Open VAMT.
-
 2.  In the left-side pane, click the **Active Directory-Based Activation** node.
-
 3.  In the right-side **Actions** pane, click **Online activate forest** to open the **Install Product Key** dialog box.
-
 4.  In the **Install Product Key** dialog box, select the KMS Host key (CSVLK) that you want to apply to the AD forest.
-
 5.  If required, enter a new Active Directory-Based Activation Object name

    **Important**  
    If you want to rename the ADBA object, you must do it now. After you click **Install Key**, the name cannot be changed.

 6.  Click **Install Key**.
-
 7.  VAMT displays the **Activating Active Directory** dialog box until it completes the requested action.

 The activated object and the date that is was created appear in the **Active Directory-Based Activation** node in the center pane.

 ## Related topics
+
 - [Scenario 1: Online Activation](scenario-online-activation-vamt.md)
 - [Add and Remove Computers](add-remove-computers-vamt.md)
--- a/windows/deploy/activate-using-active-directory-based-activation-client.md
+++ b/windows/deploy/activate-using-active-directory-based-activation-client.md
@ -2,16 +2,16 @@
 title: Activate using Active Directory-based activation (Windows 10)
 description: Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects.
 ms.assetid: 08cce6b7-7b5b-42cf-b100-66c363a846af
-keywords: ["vamt", "volume activation", "activation", "windows activation"]
-ms.prod: W10
+keywords: vamt, volume activation, activation, windows activation
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+ms.pagetype: activation
+author: greg-lindsay
 ---

 # Activate using Active Directory-based activation
 **Applies to**
-
 -   Windows 10
 -   Windows 8.1
 -   Windows 8
@ -21,25 +21,16 @@ author: CFaw
 -   Windows Server 2008 R2

 **Looking for retail activation?**
-
 -   [Get Help Activating Microsoft Windows](http://go.microsoft.com/fwlink/p/?LinkId=618644)

 Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects. Active Directory-based activation requires that the forest schema be updated by adprep.exe on a computer running Windows Server 2012 R2 or Windows Server 2012, but after the schema is updated, older domain controllers can still activate clients.
-
 Any domain-joined computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 with a GVLK will be activated automatically and transparently. They will stay activated as long as they remain members of the domain and maintain periodic contact with a domain controller. Activation takes place after the Licensing service starts. When this service starts, the computer contacts AD DS automatically, receives the activation object, and is activated without user intervention.
-
 To allow computers with GVLKs to activate themselves, use the Volume Activation Tools console in Windows Server 2012 R2 or the VAMT in earlier versions of Windows Server to create an object in the AD DS forest. You create this activation object by submitting a KMS host key to Microsoft, as shown in Figure 10.
-
 The process proceeds as follows:
-
 1.  Perform one of the following tasks:
-
    -   Install the Volume Activation Services server role on a domain controller running Windows Server 2012 R2, and add a KMS host key by using the Volume Activation Tools Wizard.
-
    -   Extend the domain to the Windows Server 2012 R2 schema level, and add a KMS host key by using the VAMT.
-
 2.  Microsoft verifies the KMS host key, and an activation object is created.
-
 3.  Client computers are activated by receiving the activation object from a domain controller during startup.

    ![Active Directory-based activation flow](images/volumeactivationforwindows81-10.jpg)
@ -47,23 +38,15 @@ The process proceeds as follows:
    **Figure 10**. The Active Directory-based activation flow
    
 For environments in which all computers are running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2, and they are joined to a domain, Active Directory-based activation is the best option for activating all client computers and servers, and you may be able to remove any KMS hosts from your environment.
-
 If an environment will continue to contain earlier volume licensing operating systems and applications or if you have workgroup computers outside the domain, you need to maintain a KMS host to maintain activation status for earlier volume licensing editions of Windows and Office.
-
 Clients that are activated with Active Directory-based activation will maintain their activated state for up to 180 days since the last contact with the domain, but they will periodically attempt to reactivate before then and at the end of the 180day period. By default, this reactivation event occurs every seven days.
-
 When a reactivation event occurs, the client queries AD DS for the activation object. Client computers examine the activation object and compare it to the local edition as defined by the GVLK. If the object and GVLK match, reactivation occurs. If the AD DS object cannot be retrieved, client computers use KMS activation. If the computer is removed from the domain, when the computer or the Software Protection service is restarted, the operating system will change the status from activated to not activated, and the computer will try to activate with KMS.
-
 ## Step-by-step configuration: Active Directory-based activation
 **Note**  
 You must be a member of the local Administrators group on all computers mentioned in these steps. You also need to be a member of the Enterprise Administrators group, because setting up Active Directory-based activation changes forest-wide settings.
-
 **To configure Active Directory-based activation on Windows Server 2012 R2, complete the following steps:**
-
 1.  Use an account with Domain Administrator and Enterprise Administrator credentials to sign in to a domain controller.
-
 2.  Launch Server Manager.
-
 3.  Add the Volume Activation Services role, as shown in Figure 11.

    ![Adding the Volume Activation Services role](images/volumeactivationforwindows81-11.jpg)
@ -97,18 +80,13 @@ You must be a member of the local Administrators group on all computers mentione
 8.  After activating the key, click **Commit**, and then click **Close**.

 ## Verifying the configuration of Active Directory-based activation
+
 To verify your Active Directory-based activation configuration, complete the following steps:
-
 1.  After you configure Active Directory-based activation, start a computer that is running an edition of Windows that is configured by volume licensing.
-
 2.  If the computer has been previously configured with a MAK key, replace the MAK key with the GVLK by running the **slmgr.vbs /ipk** command and specifying the GLVK as the new product key.
-
 3.  If the computer is not joined to your domain, join it to the domain.
-
 4.  Sign in to the computer.
-
 5.  Open Windows Explorer, right-click **Computer**, and then click **Properties**.
-
 6.  Scroll down to the **Windows activation** section, and verify that this client has been activated.

    **Note**<br>
--- a/windows/deploy/activate-using-key-management-service-vamt.md
+++ b/windows/deploy/activate-using-key-management-service-vamt.md
@ -2,16 +2,17 @@
 title: Activate using Key Management Service (Windows 10)
 ms.assetid: f2417bfe-7d25-4e82-bc07-de316caa8dac
 description: 
-keywords: ["vamt", "volume activation", "activation", "windows activation"]
-ms.prod: W10
+keywords: vamt, volume activation, activation, windows activation
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: activation
 author: jdeckerMS
 ---

 # Activate using Key Management Service
-**Applies to**

+**Applies to**
 -   Windows 10
 -   Windows 8.1
 -   Windows 8
@ -25,29 +26,25 @@ author: jdeckerMS
 -   [Get Help Activating Microsoft Windows](http://go.microsoft.com/fwlink/p/?LinkId=618644)

 There are three possible scenarios for volume activation of Windows 10 or Windows Server 2012 R2 by using a Key Management Service (KMS) host:
-
 -   Host KMS on a computer running Windows 10
-
 -   Host KMS on a computer running Windows Server 2012 R2
-
 -   Host KMS on a computer running an earlier version of Windows

+Check out [Windows 10 Volume Activation Tips](https://blogs.technet.microsoft.com/askcore/2015/09/15/windows-10-volume-activation-tips/).
+
 ## Key Management Service in Windows 10
+
 Installing a KMS host key on a computer running Windows 10 allows you to activate other computers running Windows 10 against this KMS host and earlier versions of the client operating system, such as Windows 8.1 or Windows 7.
-
 Clients locate the KMS server by using resource records in DNS, so some configuration of DNS may be required. This scenario can be beneficial if your organization uses volume activation for clients and MAK-based activation for a smaller number of servers.
-
 To enable KMS functionality, a KMS key is installed on a KMS host; then, the host is activated over the Internet or by phone using Microsoft’s activation services.

 **Configure KMS in Windows 10**

 1.  Open an elevated command prompt.
-
 2.  Enter one of the following commands.
    -   To install a KMS key, type **slmgr.vbs /ipk &lt;KmsKey&gt;**.
    -   To activate online, type **slmgr.vbs /ato**.
    -   To activate by using the telephone, type **slui.exe 4**.
-
 3.  After activating the KMS key, restart the Software Protection Service.

 For more information, see the information for Windows 7 in [Deploy KMS Activation](http://go.microsoft.com/fwlink/p/?LinkId=717032).
@ -61,19 +58,18 @@ You cannot install a client KMS key into the KMS in Windows Server.
 This scenario is commonly used in larger organizations that do not find the overhead of using a server a burden.

 **Note**  
+
 If you receive error 0xC004F015 when trying to activate Windows 10 Enterprise, see [KB 3086418](http://go.microsoft.com/fwlink/p/?LinkId=620687).

 **Configure KMS in Windows Server 2012 R2**

 1.  Sign in to a computer running Windows Server 2012 R2 with an account that has local administrative credentials.
-
 2.  Launch Server Manager.
-
 3.  Add the Volume Activation Services role, as shown in Figure 4.

    ![Adding the Volume Activation Services role in Server Manager](images/volumeactivationforwindows81-04.jpg)
 	
-    **Figure 4**. Adding the Volume Activation Services role in Server Manager
+    **Figure 4**. Adding the Volume Activation Services role in Server Manager\
 	
 4.  When the role installation is complete, click the link to launch the Volume Activation Tools (Figure 5).

@ -81,11 +77,10 @@ If you receive error 0xC004F015 when trying to activate Windows 10 Enterprise,
 	
    **Figure 5**. Launching the Volume Activation Tools

-5.  Select the **Key Management Service (KMS)** option, and specify the computer that will act as the KMS host (Figure 6).
-
+	5.  Select the **Key Management Service (KMS)** option, and specify the computer that will act as the KMS host (Figure 6).
    This can be the same computer on which you installed the role or another computer. For example, it can be a client computer running Windows 10.
    
-    ![Configuring the computer as a KMS host](images/volumeactivationforwindows81-06.jpg)
+	![Configuring the computer as a KMS host](images/volumeactivationforwindows81-06.jpg)
 	
    **Figure 6**. Configuring the computer as a KMS host
 	
@ -96,60 +91,50 @@ If you receive error 0xC004F015 when trying to activate Windows 10 Enterprise,
    **Figure 7**. Installing your KMS host key
 	
 7.  If asked to confirm replacement of an existing key, click **Yes**.
-
 8.  After the product key is installed, you must activate it. Click **Next** (Figure 8).

    ![Activating the software](images/volumeactivationforwindows81-08.jpg)
 	
    **Figure 8**. Activating the software

-The KMS key can be activated online or by phone. See Figure 9.
+	The KMS key can be activated online or by phone. See Figure 9.

-![Choosing to activate online](images/volumeactivationforwindows81-09.jpg)
+	![Choosing to activate online](images/volumeactivationforwindows81-09.jpg)

-**Figure 9**. Choosing to activate online
+	**Figure 9**. Choosing to activate online

 Now that the KMS host is configured, it will begin to listen for activation requests. However, it will not activate clients successfully until the activation threshold is met.

 ## Verifying the configuration of Key Management Service
-You can verify KMS volume activation from the KMS host server or from the client computer. KMS volume activation requires a minimum threshold of 25 computers before activation requests will be processed. The verification process described here will increment the activation count each time a client computer contacts the KMS host, but unless the activation threshold is reached, the verification will take the form of an error message rather than a confirmation message.

+You can verify KMS volume activation from the KMS host server or from the client computer. KMS volume activation requires a minimum threshold of 25 computers before activation requests will be processed. The verification process described here will increment the activation count each time a client computer contacts the KMS host, but unless the activation threshold is reached, the verification will take the form of an error message rather than a confirmation message.
 **Note**  
+
 If you configured Active Directory-based activation before configuring KMS activation, you must use a client computer that will not first try to activate itself by using Active Directory-based activation. You could use a workgroup computer that is not joined to a domain or a computer running Windows 7 or Windows Server 2008 R2.

 To verify that KMS volume activation works, complete the following steps:

 1.  On the KMS host, open the event log and confirm that DNS publishing is successful.
-
 2.  On a client computer, open a Command Prompt window, type **Slmgr.vbs /ato**, and then press ENTER.<p>
 The **/ato** command causes the operating system to attempt activation by using whichever key has been installed in the operating system. The response should show the license state and detailed Windows version information.
-
 3.  On a client computer or the KMS host, open an elevated Command Prompt window, type **Slmgr /dlv**, and then press ENTER.<p>
+
 The **/dlv** command displays the detailed licensing information. The response should return an error that states that the KMS activation count is too low. This confirms that KMS is functioning correctly, even though the client has not been activated.

 For more information about the use and syntax of slmgr.vbs, see [Slmgr.vbs Options](http://go.microsoft.com/fwlink/p/?LinkId=733639).

 ## Key Management Service in earlier versions of Windows
+
 If you have already established a KMS infrastructure in your organization for an earlier version of Windows, you may want to continue using that infrastructure to activate computers running Windows 10 or Windows Server 2012 R2. Your existing KMS host must be running Windows 7 or later. To upgrade your KMS host, complete the following steps:

 1.  Download and install the correct update for your current KMS host operating system. Restart the computer as directed.
-
 2.  Request a new KMS host key from the Volume Licensing Service Center.
-
 3.  Install the new KMS host key on your KMS host.
-
 4.  Activate the new KMS host key by running the slmrg.vbs script.

 For detailed instructions, see [Update that enables Windows 8.1 and Windows 8 KMS hosts to activate a later version of Windows](http://go.microsoft.com/fwlink/p/?LinkId=618265) and [Update that enables Windows 7 and Windows Server 2008 R2 KMS hosts to activate Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=626590).

 ## See also
 -   [Volume Activation for Windows 10](volume-activation-windows-10.md)
-
  
-
  
-
-
-
-
-
--- a/windows/deploy/activate-windows-10-clients-vamt.md
+++ b/windows/deploy/activate-windows-10-clients-vamt.md
@ -2,16 +2,17 @@
 title: Activate clients running Windows 10 (Windows 10)
 description: After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy.
 ms.assetid: 39446e49-ad7c-48dc-9f18-f85a11ded643
-keywords: ["vamt", "volume activation", "activation", "windows activation"]
-ms.prod: W10
+keywords: vamt, volume activation, activation, windows activation
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: activation
 author: jdeckerMS
 ---

 # Activate clients running Windows 10
-**Applies to**

+**Applies to**
 -   Windows 10
 -   Windows 8.1
 -   Windows 8
@ -25,78 +26,75 @@ author: jdeckerMS
 -   [Get Help Activating Microsoft Windows](http://go.microsoft.com/fwlink/p/?LinkId=618644)

 After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. If the computer has been configured with a Generic Volume License Key (GVLK), neither IT nor the user need take any action. It just works.
-
 Enterprise edition images and installation media should already be configured with the GVLK. When the client computer starts, the Licensing service examines the current licensing condition of the computer.
-
 If activation or reactivation is required, the following sequence occurs:
-
 1.  If the computer is a member of a domain, it asks a domain controller for a volume activation object. If Active Directory-based activation is configured, the domain controller returns the object. If the object matches the edition of the software that is installed and the computer has a matching GVLK, the computer is activated (or reactivated), and it will not need to be activated again for 180 days, although the operating system will attempt reactivation at much shorter, regular intervals.
-
 2.  If the computer is not a member of a domain or if the volume activation object is not available, the computer will issue a DNS query to attempt to locate a KMS server. If a KMS server can be contacted, activation occurs if the KMS has a key that matches the computer’s GVLK.
-
 3.  The computer tries to activate against Microsoft servers if it is configured with a MAK.

 If the client is not able to activate itself successfully, it will periodically try again. The frequency of the retry attempts depends on the current licensing state and whether the client computer has been successfully activated in the past. For example, if the client computer had been previously activated by Active Directory-based activation, it will periodically try to contact the domain controller at each restart.

 ## How Key Management Service works
+
 KMS uses a client–server topology. KMS client computers can locate KMS host computers by using DNS or a static configuration. KMS clients contact the KMS host by using RPCs carried over TCP/IP.

 ### Key Management Service activation thresholds
+
 You can activate physical computers and virtual machines by contacting a KMS host. To qualify for KMS activation, there must be a minimum number of qualifying computers (called the activation threshold). KMS clients will be activated only after this threshold has been met. Each KMS host counts the number of computers that have requested activation until the threshold is met.

 A KMS host responds to each valid activation request from a KMS client with the count of how many computers have already contacted the KMS host for activation. Client computers that receive a count below the activation threshold are not activated. For example, if the first two computers that contact the KMS host are running Windows 10, the first receives an activation count of 1, and the second receives an activation count of 2. If the next computer is a virtual machine on a computer running Windows 10, it receives an activation count of 3, and so on. None of these computers will be activated, because computers running Windows 10, like other client operating system versions, must receive an activation count of 25 or more.
-
 When KMS clients are waiting for the KMS to reach the activation threshold, they will connect to the KMS host every two hours to get the current activation count. They will be activated when the threshold is met.

 In our example, if the next computer that contacts the KMS host is running Windows Server 2012 R2, it receives an activation count of 4, because activation counts are cumulative. If a computer running Windows Server 2012 R2 receives an activation count that is 5 or more, it is activated. If a computer running Windows 10 receives an activation count of 25 or more, it is activated.

 ### Activation count cache
+
 To track the activation threshold, the KMS host keeps a record of the KMS clients that request activation. The KMS host gives each KMS client a client ID designation, and the KMS host saves each client ID in a table. By default, each activation request remains in the table for up to 30 days. When a client renews its activation, the cached client ID is removed from the table, a new record is created, and the 30day period begins again. If a KMS client computer does not renew its activation within 30 days, the KMS host removes the corresponding client ID from the table and reduces the activation count by one.
-
 However, the KMS host only caches twice the number of client IDs that are required to meet the activation threshold. Therefore, only the 50 most recent client IDs are kept in the table, and a client ID could be removed much sooner than 30 days.
-
 The total size of the cache is set by the type of client computer that is attempting to activate. If a KMS host receives activation requests only from servers, the cache will hold only 10 client IDs (twice the required 5). If a client computer running Windows 10 contacts that KMS host, KMS increases the cache size to 50 to accommodate the higher threshold. KMS never reduces the cache size.

 ### Key Management Service connectivity
+
 KMS activation requires TCP/IP connectivity. By default, KMS hosts and clients use DNS to publish and find the KMS. The default settings can be used, which require little or no administrative action, or KMS hosts and client computers can be manually configured based on network configuration and security requirements.

 ### Key Management Service activation renewal
+
 KMS activations are valid for 180 days (the *activation validity interval*). To remain activated, KMS client computers must renew their activation by connecting to the KMS host at least once every 180 days. By default, KMS client computers attempt to renew their activation every 7 days. If KMS activation fails, the client computer retries every two hours. After a client computer’s activation is renewed, the activation validity interval begins again.

 ### Publication of the Key Management Service
+
 The KMS uses service (SRV) resource records in DNS to store and communicate the locations of KMS hosts. KMS hosts use the DNS dynamic update protocol, if available, to publish the KMS service (SRV) resource records. If dynamic update is not available or the KMS host does not have rights to publish the resource records, the DNS records must be published manually, or you must configure client computers to connect to specific KMS hosts.

 ### Client discovery of the Key Management Service
+
 By default, KMS client computers query DNS for KMS information. The first time a KMS client computer queries DNS for KMS information, it randomly chooses a KMS host from the list of service (SRV) resource records that DNS returns. The address of a DNS server that contains the service (SRV) resource records can be listed as a suffixed entry on KMS client computers, which allows one DNS server to advertise the service (SRV) resource records for KMS, and KMS client computers with other primary DNS servers to find it.
-
 Priority and weight parameters can be added to the DnsDomainPublishList registry value for KMS. Establishing KMS host priority groupings and weighting within each group allows you to specify which KMS host the client computers should try first and balances traffic among multiple KMS hosts. Only Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 provide these priority and weight parameters.
-
 If the KMS host that a client computer selects does not respond, the KMS client computer removes that KMS host from its list of service (SRV) resource records and randomly selects another KMS host from the list. When a KMS host responds, the KMS client computer caches the name of the KMS host and uses it for subsequent activation and renewal attempts. If the cached KMS host does not respond on a subsequent renewal, the KMS client computer discovers a new KMS host by querying DNS for KMS service (SRV) resource records.
-
 By default, client computers connect to the KMS host for activation by using anonymous RPCs through TCP port 1688. (You can change the default port.) After establishing a TCP session with the KMS host, the client computer sends a single request packet. The KMS host responds with the activation count. If the count meets or exceeds the activation threshold for that operating system, the client computer is activated and the session is closed. The KMS client computer uses this same process for renewal requests. 250 bytes are used for communication each way.

 ### Domain Name System server configuration
-The default KMS automatic publishing feature requires the service (SRV) resource record and support for DNS dynamic update protocol. KMS client computer default behavior and the KMS service (SRV) resource record publishing are supported on a DNS server that is running Microsoft software or any other DNS server that supports service (SRV) resource records (per Internet Engineering Task Force \[IETF\] Request for Comments \[RFC\] 2782) and dynamic updates (per IETF RFC 2136). For example, Berkeley Internet Domain Name versions 8.x and 9.x support service (SRV) resource records and dynamic update.

+The default KMS automatic publishing feature requires the service (SRV) resource record and support for DNS dynamic update protocol. KMS client computer default behavior and the KMS service (SRV) resource record publishing are supported on a DNS server that is running Microsoft software or any other DNS server that supports service (SRV) resource records (per Internet Engineering Task Force \[IETF\] Request for Comments \[RFC\] 2782) and dynamic updates (per IETF RFC 2136). For example, Berkeley Internet Domain Name versions 8.x and 9.x support service (SRV) resource records and dynamic update.
 The KMS host must be configured so that it has the credentials needed to create and update the following resource records on the DNS servers: service (SRV), IPv4 host (A), and IPv6 host (AAAA), or the records need to be created manually. The recommended solution for giving the KMS host the needed credentials is to create a security group in AD DS, then add all KMS hosts to that group. On a DNS server that is running Microsoft software, ensure that this security group is given full control over the \_VLMCS.\_TCP record in each DNS domain that will contain the KMS service (SRV) resource records.

 ### Activating the first Key Management Service host
+
 KMS hosts on the network need to install a KMS key, and then be activated with Microsoft. Installation of a KMS key enables the KMS on the KMS host. After installing the KMS key, complete the activation of the KMS host by telephone or online. Beyond this initial activation, a KMS host does not communicate any information to Microsoft. KMS keys are only installed on KMS hosts, never on individual KMS client computers.

 ### Activating subsequent Key Management Service hosts
+
 Each KMS key can be installed on up to six KMS hosts. These hosts can be physical computers or virtual machines. After activating a KMS host, the same host can be reactivated up to nine times with the same key. If the organization needs more than six KMS hosts, you can request additional activations for your organization’s KMS key by calling a Microsoft Volume [Licensing Activation Center](http://go.microsoft.com/fwlink/p/?LinkID=618264) to request an exception.

 ## How Multiple Activation Key works
+
 A MAK is used for one-time activation with Microsoft’s hosted activation services. Each MAK has a predetermined number of allowed activations. This number is based on volume licensing agreements, and it might not match the organization’s exact license count. Each activation that uses a MAK with the Microsoft hosted activation service counts toward the activation limit.

 You can activate computers by using a MAK in two ways:
-
 -   **MAK independent activation**. Each computer independently connects and is activated with Microsoft over the Internet or by telephone. MAK independent activation is best suited to computers within an organization that do not maintain a connection to the corporate network. MAK independent activation is shown in Figure 16.

    ![MAK independent activation](images/volumeactivationforwindows81-16.jpg)
    
    **Figure 16**. MAK independent activation
-
 -   **MAK proxy activation**. MAK proxy activation enables a centralized activation request on behalf of multiple computers with one connection to Microsoft. You configure MAK proxy activation by using the VAMT. MAK proxy activation is appropriate for environments in which security concerns restrict direct access to the Internet or the corporate network. It is also suited for development and test labs that lack this connectivity. MAK proxy activation with the VAMT is shown in Figure 17.

    ![MAK proxy activation with the VAMT](images/volumeactivationforwindows81-17.jpg)
@ -108,21 +106,16 @@ A MAK is recommended for computers that rarely or never connect to the corporate
 You can use a MAK for individual computers or with an image that can be duplicated or installed by using Microsoft deployment solutions. You can also use a MAK on a computer that was originally configured to use KMS activation. This is useful for moving a computer off the core network to a disconnected environment.

 ### Multiple Activation Key architecture and activation
-MAK independent activation installs a MAK product key on a client computer. The key instructs that computer to activate itself with Microsoft servers over the Internet.

+MAK independent activation installs a MAK product key on a client computer. The key instructs that computer to activate itself with Microsoft servers over the Internet.
 In MAK proxy activation, the VAMT installs a MAK product key on a client computer, obtains the installation ID from the target computer, sends the installation ID to Microsoft on behalf of the client, and obtains a confirmation ID. The tool then activates the client computer by installing the confirmation ID.

 ## Activating as a standard user
+
 Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 do not require administrator privileges for activation, but this change does not allow standard user accounts to remove computers running Windows 7 or Windows Server 2008 R2 from the activated state. An administrator account is still required for other activation- or license-related tasks, such as “rearm.”

 ## See also
+
 -   [Volume Activation for Windows 10](volume-activation-windows-10.md)
-
  
-
  
-
-
-
-
-
--- a/windows/deploy/active-directory-based-activation-overview.md
+++ b/windows/deploy/active-directory-based-activation-overview.md
@ -2,31 +2,26 @@
 title: Active Directory-Based Activation Overview (Windows 10)
 description: Active Directory-Based Activation Overview
 ms.assetid: c1dac3bd-6a86-4c45-83dd-421e63a398c0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+ms.pagetype: activation
+author: greg-lindsay
 ---

 # Active Directory-Based Activation Overview
+
 Active Directory-Based Activation (ADBA) enables enterprises to activate computers through a connection to their domain. Many companies have computers at offsite locations that use products that are registered to the company. Previously these computers needed to either use a retail key or a Multiple Activation Key (MAK), or physically connect to the network in order to activate their products by using Key Management Services (KMS). ADBA provides a way to activate these products if the computers can join the company’s domain. When the user joins their computer to the domain, the ADBA object automatically activates Windows installed on their computer, as long as the computer has a Generic Volume License Key (GVLK) installed. No single physical computer is required to act as the activation object, because it is distributed throughout the domain.

 ## Active Directory-Based Activation Scenarios
+
 VAMT enables IT Professionals to manage and activate the Active Directory-Based Activation object. Activation can be performed by using a scenario such as the following:
-
 -   Online activation: To activate an ADBA forest online, the user selects the **Online activate forest** function, selects a KMS Host key (CSVLK) to use, and gives the Active Directory-Based Activation Object a name.
-
 -   Proxy activation: For a proxy activation, the user first selects the **Proxy activate forest** function, selects a KMS Host key (CSVLK) to use, gives the Active Directory-Based Activation Object a name, and provides a file name to save the CILx file that contains the Installation ID. Next, the user takes that file to a computer that is running VAMT with an Internet connection and then selects the **Acquire confirmation IDs for CILX** function on the VAMT landing page, and provides the original CILx file. When VAMT has loaded the Confirmation IDs into the original CILx file, the user takes this file back to the original VAMT instance, where the user completes the proxy activation process by selecting the **Apply confirmation ID to Active Directory domain** function.

 ## Related topics
+
 - [How to Activate an Active Directory Forest Online](http://go.microsoft.com/fwlink/p/?LinkId=246565)
 - [How to Proxy Activate an Active Directory Forest](http://go.microsoft.com/fwlink/p/?LinkId=246566)
-
  
-
  
-
-
-
-
-
--- a/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md
+++ b/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md
@ -2,8 +2,8 @@
 title: Add a Windows 10 operating system image using Configuration Manager (Windows 10)
 description: Operating system images are typically the production image used for deployment throughout the organization.
 ms.assetid: 77f769cc-1a47-4f36-8082-201cd77b8d3b
-keywords: ["image, deploy, distribute"]
-ms.prod: W10
+keywords: image, deploy, distribute
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
--- a/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@ -2,8 +2,8 @@
 title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager (Windows 10)
 description: In this topic, you will learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines.
 ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c
-keywords: ["deploy, task sequence"]
-ms.prod: W10
+keywords: deploy, task sequence
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
--- a/windows/deploy/add-manage-products-vamt.md
+++ b/windows/deploy/add-manage-products-vamt.md
@ -2,13 +2,15 @@
 title: Add and Manage Products (Windows 10)
 description: Add and Manage Products
 ms.assetid: a48fbc23-917d-40f7-985c-e49702c05e51
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: activation
 author: jdeckerMS
 ---

 # Add and Manage Products
+
 This section describes how to add client computers into the Volume Activation Management Tool (VAMT). After the computers are added, you can manage the products that are installed on your network.

 ## In this Section
@ -18,14 +20,6 @@ This section describes how to add client computers into the Volume Activation Ma
 |[Add and Remove Computers](add-remove-computers-vamt.md) |Describes how to add client computers to VAMT. |
 |[Update Product Status](update-product-status-vamt.md) |Describes how to update the status of product license. |
 |[Remove Products](remove-products-vamt.md) |Describes how to remove a product from the product list. |
-
  
-
  
-
  
-
-
-
-
-
--- a/windows/deploy/add-remove-computers-vamt.md
+++ b/windows/deploy/add-remove-computers-vamt.md
@ -2,36 +2,30 @@
 title: Add and Remove Computers (Windows 10)
 description: Add and Remove Computers
 ms.assetid: cb6f3a78-ece0-4dc7-b086-cb003d82cd52
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
+ms.pagetype: activation
 ---

 # Add and Remove Computers
+
 You can add computers that have any of the supported Windows or Office products installed to a Volume Activation Management Tool (VAMT) database by using the **Discover products** function. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query. You can remove computers from a VAMT database by using the **Delete** function. After you add the computers, you can add the products that are installed on the computers by running the **Update license status** function.

 Before adding computers, ensure that the Windows Management Instrumentation (WMI) firewall exception required by VAMT has been enabled on all target computers. For more information see [Configure Client Computers](configure-client-computers-vamt.md).

 ## To add computers to a VAMT database
+
 1.  Open VAMT.
-
 2.  Click **Discover products** in the **Actions** menu in the right-side pane to open the **Discover Products** dialog box.
-
 3.  In the **Discover products** dialog box, click **Search for computers in the Active Directory** to display the search options, then click the search option you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query.
-
    -   To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**, then under **Domain Filter Criteria**, in the list of domain names click the name of the domain you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer within the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a".
-
    -   To search by individual computer name or IP address, click **Manually enter name or IP address**, then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Note that VAMT supports both IPv4 and IPV6 addressing.
-
    -   To search for computers in a workgroup, click **Search for computers in the workgroup**, then under **Workgroup Filter Criteria**, in the list of workgroup names click the name of the workgroup you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer within the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a".
-
    -   To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box provided. VAMT will validate only the LDAP query syntax, but will otherwise run the query without further checks.
-
 4.  Click **Search**.
-
 5.  VAMT searches for the specified computers and adds them to the VAMT database. During the search, VAMT displays the **Finding computers** message shown below.
-
    To cancel the search, click **Cancel**. When the search is complete the names of the newly-discovered computers appear in the product list view in the center pane.
    
    ![VAMT, Finding computers dialog box](images/dep-win8-l-vamt-findingcomputerdialog.gif)
@ -40,36 +34,25 @@ Before adding computers, ensure that the Windows Management Instrumentation (WMI
    This step adds only the computers to the VAMT database, and not the products that are installed on the computers. To add the products, you need to run the **Update license status** function.
    
 ## To add products to VAMT
+
 1.  In the **Products** list, select the computers that need to have their product information added to the VAMT database.
-
 2.  You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.
-
 3.  In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
-
    -   To filter the list by computer name, enter a name in the **Computer Name** box.
-
    -   To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
-
 4.  Click **Filter**. VAMT displays the filtered list in the center pane.
-
 5.  In the right-side **Actions** pane, click **Update license status** and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials different from the ones you used to log into the computer. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**.
-
 6.  VAMT displays the **Collecting product information** dialog box while it collects the licensing status of all supported products on the selected computers. When the process is finished, the updated licensing status of each product will appear in the product list view in the center pane.

    **Note**  
    If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading.
    
 ## To remove computers from a VAMT database
+
 You can delete a computer by clicking on it in the product list view, and then clicking **Delete** in the **Selected Item** menu in the right-hand pane. In the **Confirm Delete Selected Products** dialog box that appears, click **Yes** to delete the computer. If a computer has multiple products listed, you must delete each product to completely remove the computer from the VAMT database.

 ## Related topics
+
 - [Add and Manage Products](add-manage-products-vamt.md)
-
  
-
  
-
-
-
-
-
--- a/windows/deploy/add-remove-product-key-vamt.md
+++ b/windows/deploy/add-remove-product-key-vamt.md
@ -2,33 +2,33 @@
 title: Add and Remove a Product Key (Windows 10)
 description: Add and Remove a Product Key
 ms.assetid: feac32bb-fb96-4802-81b8-c69220dcfcce
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: activation
 author: jdeckerMS
 ---

 # Add and Remove a Product Key
+
 Before you can use a Multiple Activation Key (MAK), retail, or KMS Host key (CSVLK) product key, you must first add it to the Volume Activation Management Tool (VAMT) database.

 ## To Add a Product Key
+
 1.  Open VAMT.
-
 2.  In the left-side pane, right-click the **Product Keys** node to open the **Actions** menu.
-
 3.  Click **Add product keys** to open the **Add Product Keys** dialog box.
-
 4.  In the **Add Product Keys** dialog box, select from one of the following methods to add product keys:
-
    -   To add product keys manually, click **Enter product key(s) separated by line breaks**, enter one or more product keys separated by line breaks, and click **Add Key(s)**.
-
    -   To import a Comma Separated Values (CSV) file containing a list of product keys, click **Select a product key file to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**.

    **Note**  
    If you are activating a large number of products with a MAK, you should refresh the activation count of the MAK, to ensure that the MAK can support the required number of activations. In the product key list in the center pane, select the MAK and click **Refresh product key data online** in the right-side pane to contact Microsoft and retrieve the number of remaining activations for the MAK. This step requires Internet access. You can only retrieve the remaining activation count for MAKs.

 ## Remove a Product Key
+
 -   To remove a product key from the list, simply select the key in the list and click **Delete** on the **Selected Items** menu in the right-side pane. Click **Yes** to confirm deletion of the product key. Removing a product key from the VAMT database will not affect the activation state of any products or computers on the network.

 ## Related topics
+
 - [Manage Product Keys](manage-product-keys-vamt.md)
--- a/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md
+++ b/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md
@ -2,16 +2,15 @@
 title: Appendix Information sent to Microsoft during activation (Windows 10)
 ms.assetid: 4bfff495-07d0-4385-86e3-7a077cbd64b8
 description: 
-keywords: ["vamt", "volume activation", "activation", "windows activation"]
-ms.prod: W10
+keywords: vamt, volume activation, activation, windows activation
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: activation
 author: jdeckerMS
 ---
-
 # Appendix: Information sent to Microsoft during activation
 **Applies to**
-
 -   Windows 10
 -   Windows 8.1
 -   Windows 8
@ -27,60 +26,39 @@ author: jdeckerMS
 When you activate a computer running Windows 10, the following information is sent to Microsoft:

 -   The Microsoft product code (a five-digit code that identifies the Windows product you are activating)
-
 -   A channel ID or site code that identifies how the Windows product was originally obtained

    For example, a channel ID or site code identifies whether the product was originally purchased from a retail store, obtained as an evaluation copy, obtained through a volume licensing program, or preinstalled by a computer manufacturer.
    
 -   The date of installation and whether the installation was successful
-
 -   Information that helps confirm that your Windows product key has not been altered
-
 -   Computer make and model
-
 -   Version information for the operating system and software
-
 -   Region and language settings
-
 -   A unique number called a *globally unique identifier*, which is assigned to your computer
-
 -   Product key (hashed) and product ID
-
 -   BIOS name, revision number, and revision date
-
 -   Volume serial number (hashed) of the hard disk drive
-
 -   The result of the activation check

    This includes error codes and the following information about any activation exploits and related malicious or unauthorized software that was found or disabled:
    
    -   The activation exploit’s identifier
-
    -   The activation exploit’s current state, such as cleaned or quarantined
-
    -   Computer manufacturer’s identification
-
    -   The activation exploit’s file name and hash in addition to a hash of related software components that may indicate the presence of an activation exploit
-
 -   The name and a hash of the contents of your computer’s startup instructions file
-
 -   If your Windows license is on a subscription basis, information about how your subscription works

 Standard computer information is also sent, but your computer’s IP address is only retained temporarily.

 ## Use of information
-Microsoft uses the information to confirm that you have a licensed copy of the software. Microsoft does not use the information to contact individual consumers.

+Microsoft uses the information to confirm that you have a licensed copy of the software. Microsoft does not use the information to contact individual consumers.
 For additional details, see [Windows 10 Privacy Statement](http://go.microsoft.com/fwlink/p/?LinkId=619879).

 ## See also
+
 -   [Volume Activation for Windows 10](volume-activation-windows-10.md)
-
  
-
  
-
-
-
-
-
--- a/windows/deploy/assign-applications-using-roles-in-mdt-2013.md
+++ b/windows/deploy/assign-applications-using-roles-in-mdt-2013.md
@ -2,29 +2,24 @@
 title: Assign applications using roles in MDT (Windows 10)
 description: This topic will show you how to add applications to a role in the MDT database and then assign that role to a computer.
 ms.assetid: d82902e4-de9c-4bc4-afe0-41d649b83ce7
-keywords: ["settings, database, deploy"]
-ms.prod: W10
+keywords: settings, database, deploy
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: mdt
 author: mtniehaus
 ---

 # Assign applications using roles in MDT

-
 This topic will show you how to add applications to a role in the MDT database and then assign that role to a computer. For the purposes of this topic, the application we are adding is Adobe Reader XI. In addition to using computer-specific entries in the database, you can use roles in MDT to group settings together.

 ## <a href="" id="sec01"></a>Create and assign a role entry in the database

-
 1.  On MDT01, using Deployment Workbench, in the MDT Production deployment share, expand **Advanced Configuration** and then expand **Database**.
-
 2.  In the **Database** node, right-click **Role**, select **New**, and create a role entry with the following settings:
-
    1.  Role name: Standard PC
-
    2.  Applications / Lite Touch Applications:
-
    3.  Install - Adobe Reader XI - x86

 ![figure 12](images/mdt-09-fig12.png)
@ -33,13 +28,9 @@ Figure 12. The Standard PC role with the application added

 ## <a href="" id="sec02"></a>Associate the role with a computer in the database

-
 After creating the role, you can associate it with one or more computer entries.
-
 1.  Using Deployment Workbench, expand **MDT Production**, expand **Advanced Configuration**, expand **Database**, and select **Computers**.
-
 2.  In the **Computers** node, double-click the **PC00075** entry, and add the following setting:
-
    -   Roles: Standard PC

 ![figure 13](images/mdt-09-fig13.png)
@ -48,17 +39,13 @@ Figure 13. The Standard PC role added to PC00075 (having ID 1 in the database).

 ## <a href="" id="sec03"></a>Verify database access in the MDT simulation environment

-
 When the database is populated, you can use the MDT simulation environment to simulate a deployment. The applications are not installed, but you can see which applications would be installed if you did a full deployment of the computer.
-
 1.  On PC0001, log on as **CONTOSO\\MDT\_BA**.
-
 2.  Modify the C:\\MDT\\CustomSettings.ini file to look like the following:

    ``` syntax
    [Settings]
    Priority=CSettings, CRoles, RApplications, Default
-
    [Default]
    _SMSTSORGNAME=Contoso
    OSInstall=Y
@ -90,7 +77,6 @@ When the database is populated, you can use the MDT simulation environment to si
    SkipCapture=YES
    SkipFinalSummary=NO
    EventService=http://MDT01:9800
-
    [CSettings]
    SQLServer=MDT01
    Instance=SQLEXPRESS
@ -100,7 +86,6 @@ When the database is populated, you can use the MDT simulation environment to si
    Table=ComputerSettings
    Parameters=UUID, AssetTag, SerialNumber, MacAddress
    ParameterCondition=OR
-
    [CRoles]
    SQLServer=MDT01
    Instance=SQLEXPRESS
@ -110,7 +95,6 @@ When the database is populated, you can use the MDT simulation environment to si
    Table=ComputerRoles
    Parameters=UUID, AssetTag, SerialNumber, MacAddress
    ParameterCondition=OR
-
    [RApplications]
    SQLServer=MDT01
    Instance=SQLEXPRESS
@ -127,6 +111,7 @@ When the database is populated, you can use the MDT simulation environment to si
    ``` syntax
    Set-Location C:\MDT
    .\Gather.ps1
+
    ```

 ![figure 14](images/mdt-09-fig14.png)
@ -135,26 +120,12 @@ Figure 14. ZTIGather.log displaying the application GUID belonging to the Adobe

 ## Related topics

-
 [Set up MDT for BitLocker](set-up-mdt-2013-for-bitlocker.md)
-
 [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
-
 [Configure MDT for UserExit scripts](configure-mdt-2013-for-userexit-scripts.md)
-
 [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-
 [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-
 [Use web services in MDT](use-web-services-in-mdt-2013.md)
-
 [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt-2013.md)
-
  
-
  
-
-
-
-
-
--- a/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md
+++ b/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md
@ -2,18 +2,17 @@
 title: Build a distributed environment for Windows 10 deployment (Windows 10)
 description: In this topic, you will learn how to replicate your Windows 10 deployment shares to facilitate the deployment of Windows 10 in remote or branch locations.
 ms.assetid: a6cd5657-6a16-4fff-bfb4-44760902d00c
-keywords: ["replication, replicate, deploy, configure, remote"]
-ms.prod: W10
+keywords: replication, replicate, deploy, configure, remote
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: mdt
 author: mtniehaus
 ---

 # Build a distributed environment for Windows 10 deployment

-
 **Applies to**
-
 -   Windows 10

 In this topic, you will learn how to replicate your Windows 10 deployment shares to facilitate the deployment of Windows 10 in remote or branch locations. If you work in a distributed environment, replicating the deployment shares is an important part of the deployment solution. With images reaching 5 GB in size or more, you can't deploy machines in a remote office over the wire. You need to replicate the content, so that the clients can do local deployments.
@ -26,14 +25,11 @@ Figure 1. The machines used in this topic.

 ## <a href="" id="sec01"></a>Replicate deployment shares

-
 Replicating the content between MDT01 (New York) and MDT02 (Stockholm) can be done in a number of different ways. The most common content replication solutions with Microsoft Deployment Toolkit (MDT) 2013 use either the Linked Deployment Shares (LDS) feature or Distributed File System Replication (DFS-R). Some organizations have used a simple robocopy script for replication of the content.

 **Note**  
 Robocopy has options that allow for synchronization between folders. It has a simple reporting function; it supports transmission retry; and, by default, it will only copy/remove files from the source that are newer than files on the target.
-
  
-
 ### Linked deployment shares in MDT 2013 Update 2

 LDS is a built-in feature in MDT for replicating content. However, LDS works best with strong connections such as LAN connections with low latency. For most WAN links, DFS-R is the better option.
@ -44,19 +40,13 @@ DFS-R is not only very fast and reliable, but it also offers central monitoring,

 ## <a href="" id="sec02"></a>Set up Distributed File System Replication (DFS-R) for replication

-
 Setting up DFS-R for replication is a quick and straightforward process. You prepare the deployment servers and then create a replication group. To complete the setup, you configure some replication settings.

 ### Prepare MDT01 for replication
-
 1.  On MDT01, using Server Manager, click **Add roles and features**.
-
 2.  On the **Select installation type** page, select **Role-based or feature-based installation**.
-
 3.  On the **Select destination server** page, select **MDT01.contoso.com** and click **Next**.
-
 4.  On the **Select server roles** page, expand **File and Storage Services (Installed)** and expand **File and iSCSI Services (Installed)**.
-
 5.  In the **Roles** list, select **DFS Replication**. In the **Add Roles and Features Wizard** dialog box, select **Add Features**, and then click **Next**.

    ![figure 2](images/mdt-10-fig02.png)
@ -64,43 +54,31 @@ Setting up DFS-R for replication is a quick and straightforward process. You pre
    Figure 2. Adding the DFS Replication role to MDT01.

 6.  On the **Select features** page, accept the default settings, and click **Next**.
-
 7.  On the **Confirm installation selections** page, click **Install**.
-
 8.  On the **Installation progress** page, click **Close**.

 ### Prepare MDT02 for replication

 1.  On MDT02, using Server Manager, click **Add roles and features**.
-
 2.  On the **Select installation type** page, select **Role-based or feature-based installation**.
-
 3.  On the **Select destination server** page, select **MDT02.contoso.com** and click **Next**.
-
 4.  On the **Select server roles** page, expand **File and Storage Services (Installed)** and expand **File and iSCSI Services (Installed)**.
-
 5.  In the **Roles** list, select **DFS Replication**. In the **Add Roles and Features Wizard** dialog box, select **Add Features**, and then click **Next**.
-
 6.  On the **Select features** page, accept the default settings, and click **Next**.
-
 7.  On the **Confirm installation selections** page, click **Install**.
-
 8.  On the **Installation progress** page, click **Close**.

 ### Create the MDTProduction folder on MDT02

 1.  On MDT02, using File Explorer, create the **E:\\MDTProduction** folder.
-
 2.  Share the **E:\\MDTProduction** folder as **MDTProduction$**. Use the default permissions.

    ![figure 3](images/mdt-10-fig03.png)

    Figure 3. Sharing the **E:\\MDTProduction folder** on MDT02.
-
 ### Configure the deployment share

 When you have multiple deployment servers sharing the same content, you need to configure the Bootstrap.ini file with information about which server to connect to based on where the client is located. In MDT, that can be done by using the DefaultGateway property.
-
 1.  On MDT01, using Notepad, navigate to the **E:\\MDTProduction\\Control** folder and modify the Boostrap.ini file to look like this:

    ``` syntax
@ -118,14 +96,10 @@ When you have multiple deployment servers sharing the same content, you need to
    UserID=MDT_BA
    SkipBDDWelcome=YES
    ```
-
    **Note**  
    The DeployRoot value needs to go into the Bootstrap.ini file, but you can use the same logic in the CustomSettings.ini file. For example, you can redirect the logs to the local deployment server (SLSHARE), or have the User State Migration Tool (USMT) migration store (UDDIR) local. To learn more about USMT, see [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) and [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md).
-
     
-
 2.  Save the Bootstrap.ini file.
-
 3.  Using the Deployment Workbench, right-click the **MDT Production** deployment share and select **Update Deployment Share**.

    ![figure 4](images/mdt-10-fig04.png)
@ -133,7 +107,6 @@ When you have multiple deployment servers sharing the same content, you need to
    Figure 4. Updating the MDT Production deployment share.

 4.  Use the default settings for the Update Deployment Share Wizard.
-
 5.  After the update is complete, use the Windows Deployment Services console. In the **Boot Images** node, right-click the **MDT Production x64** boot image and select **Replace Image**.

    ![figure 5](images/mdt-10-fig05.png)
@ -141,20 +114,12 @@ When you have multiple deployment servers sharing the same content, you need to
    Figure 5. Replacing the updated boot image in WDS.

 6.  Browse and select the **E:\\MDTProduction\\Boot\\LiteTouchPE\_x64.wim** boot image, and then complete Replace Boot Image Wizard using the default settings.
-
 ## <a href="" id="sec03"></a>Replicate the content
-
-
 Once the MDT01 and MDT02 servers are prepared, you are ready to configure the actual replication.
-
 ### Create the replication group
-
 1.  On MDT01, using DFS Management, right-click **Replication**, and select **New Replication Group**.
-
 2.  On the **Replication Group Type** page, select **Multipurpose replication group**, and click **Next**.
-
 3.  On the **Name and Domain** page, assign the **MDTProduction** name, and click **Next**.
-
 4.  On the **Replication Group Members** page, click **Add**, add **MDT01** and **MDT02**, and then click **Next**.

    ![figure 6](images/mdt-10-fig06.png)
@ -162,15 +127,10 @@ Once the MDT01 and MDT02 servers are prepared, you are ready to configure the ac
    Figure 6. Adding the Replication Group Members.

 5.  On the **Topology Selection** page, select the **Full mesh** option and click **Next**.
-
 6.  On the **Replication Group Schedule and Bandwidth** page, accept the default settings and click **Next**.
-
 7.  On the **Primary Member** page, select **MDT01** and click **Next**.
-
 8.  On the **Folders to Replicate** page, click **Add**, type in **E:\\MDTProduction** as the folder to replicate, click **OK**, and then click **Next**.
-
 9.  On the **Local Path of MDTProduction** on the **Other Members** page, select **MDT02**, and click **Edit**.
-
 10. On the **Edit** page, select the **Enabled** option, type in **E:\\MDTProduction** as the local path of folder, select the **Make the selected replicated folder on this member read-only** check box, click **OK**, and then click **Next**.

    ![figure 7](images/mdt-10-fig07.png)
@ -178,23 +138,14 @@ Once the MDT01 and MDT02 servers are prepared, you are ready to configure the ac
    Figure 7. Configure the MDT02 member.

 11. On the **Review Settings and Create Replication Group** page, click **Create**.
-
 12. On the **Confirmation** page, click **Close**.
-
 ### Configure replicated folders
-
 1.  On MDT01, using DFS Management, expand **Replication** and then select **MDTProduction**.
-
 2.  In the middle pane, right-click the **MDT01** member and select **Properties**.
-
 3.  On the **MDT01 (MDTProduction) Properties** page, configure the following and then click **OK**:
-
    1.  In the **Staging** tab, set the quota to **20480 MB**.
-
    2.  In the **Advanced** tab, set the quota to **8192 MB**.
-
        In this scenario the size of the deployment share is known, but you might need to change the values for your environment. A good rule of thumb is to get the size of the 16 largest files and make sure they fit in the staging area. Here is a Windows PowerShell example that calculates the size of the 16 largest files in the E:\\MDTProduction deployment share:
-
        ``` syntax
        (Get-ChildItem E:\MDTProduction -Recurse | Sort-Object Length -Descending | Select-Object -First 16 | Measure-Object -Property Length -Sum).Sum /1GB
        ```
@ -204,34 +155,21 @@ Once the MDT01 and MDT02 servers are prepared, you are ready to configure the ac
    Figure 8. Configure the Staging settings.

 4.  In the middle pane, right-click the **MDT02** member and select **Properties**.
-
 5.  On the **MDT02 (MDTProduction) Properties** page, configure the following and then click **OK**:
-
    1.  In the **Staging** tab, set the quota to **20480 MB**.
-
    2.  In the **Advanced** tab, set the quota to **8192 MB**.

 **Note**  
 It will take some time for the replication configuration to be picked up by the replication members (MDT01 and MDT02). The time for the initial sync will depend on the WAN link speed between the sites. After that, delta changes are replicated quickly.
-
  
-
 ### Verify replication
-
 1.  On MDT02, wait until you start to see content appear in the **E:\\MDTProduction** folder.
-
 2.  Using DFS Management, expand **Replication**, right-click **MDTProduction**, and select **Create Diagnostics Report**.
-
 3.  In the Diagnostics Report Wizard, on the **Type of Diagnostics Report or Test** page, select **Health report** and click **Next**.
-
 4.  On the **Path and Name** page, accept the default settings and click **Next**.
-
 5.  On the **Members to Include** page, accept the default settings and click **Next**.
-
 6.  On the **Options** page, accept the default settings and click **Next**.
-
 7.  On the **Review Settings and Create Report** page, click **Create**.
-
 8.  Open the report in Internet Explorer, and if necessary, select the **Allow blocked content** option.

 ![figure 9](images/mdt-10-fig09.png)
@ -240,57 +178,37 @@ Figure 9. The DFS Replication Health Report.

 ## <a href="" id="sec04"></a>Configure Windows Deployment Services (WDS) in a remote site

-
 Like you did in the previous topic for MDT01, you need to add the MDT Production Lite Touch x64 Boot image to Windows Deployment Services on MDT02. For the following steps, we assume that WDS has already been installed on MDT02.
-
 1.  On MDT02, using the WDS console, right-click **Boot Images** and select **Add Boot Image**.
-
 2.  Browse to the E:\\MDTProduction\\Boot\\LiteTouchPE\_x64.wim file and add the image with the default settings.

 ## <a href="" id="sec05"></a>Deploy the Windows 10 client to the remote site

-
 Now you should have a solution ready for deploying the Windows 10 client to the remote site, Stockholm, connecting to the MDT Production deployment share replica on MDT02.

 1.  Create a virtual machine with the following settings:
-
    1.  Name: PC0006
-
    2.  Location: C:\\VMs
-
    3.  Generation: 2
-
    4.  Memory: 2048 MB
-
    5.  Hard disk: 60 GB (dynamic disk)
-
 2.  Start the PC0006 virtual machine, and press **Enter** to start the Pre-Boot Execution Environment (PXE) boot. The machine will now load the Windows PE boot image from the WDS server.
-
 3.  After Windows Preinstallation Environment (Windows PE) has booted, complete the Windows Deployment Wizard using the following settings:
-
    1.  Password: P@ssw0rd
-
    2.  Select a task sequence to execute on this computer:
-
        1.  Windows 10 Enterprise x64 RTM Custom Image
-
        2.  Computer Name: PC0006
-
        3.  Applications: Select the Install - Adobe Reader XI - x86 application
-
 4.  The setup will now start and do the following:
-
    1.  Install the Windows 10 Enterprise operating system.
-
    2.  Install the added application.
-
    3.  Update the operating system via your local Windows Server Update Services (WSUS) server.

 ## Related topics

-
 [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)

+
 [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)

 [Deploy a Windows 10 image using MDT 2013 Update 2](deploy-a-windows-10-image-using-mdt.md)
@ -300,12 +218,5 @@ Now you should have a solution ready for deploying the Windows 10 client to the
 [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)

 [Configure MDT settings](configure-mdt-2013-settings.md)
-
  
-
  
-
-
-
-
-
--- a/windows/deploy/change-history-for-deploy-windows-10.md
+++ b/windows/deploy/change-history-for-deploy-windows-10.md
@ -2,10 +2,10 @@
 title: Change history for Deploy Windows 10 (Windows 10)
 description: This topic lists new and updated topics in the Deploy Windows 10 documentation for Windows 10 and Windows 10 Mobile.
 ms.assetid: 19C50373-6B25-4F5C-A6EF-643D36904349
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---

 # Change history for Deploy Windows 10
--- a/windows/deploy/configure-client-computers-vamt.md
+++ b/windows/deploy/configure-client-computers-vamt.md
@ -2,17 +2,18 @@
 title: Configure Client Computers (Windows 10)
 description: Configure Client Computers
 ms.assetid: a48176c9-b05c-4dd5-a9ef-83073e2370fc
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: activation
 author: jdeckerMS
 ---

 # Configure Client Computers
+
 To enable the Volume Activation Management Tool (VAMT) to function correctly, certain configuration changes are required on all client computers:

 -   An exception must be set in the client computer's firewall.
-
 -   A registry key must be created and set properly, for computers in a workgroup; otherwise, Windows® User Account Control (UAC) will not allow remote administrative operations.

 Organizations where the VAMT will be widely used may benefit from making these changes inside the master image for Windows.
@ -21,38 +22,29 @@ Organizations where the VAMT will be widely used may benefit from making these c
 This procedure only applies to clients running Windows Vista or later. For clients running Windows XP Service Pack 1, see [Connecting Through Windows Firewall](http://go.microsoft.com/fwlink/p/?LinkId=182933).

 ## Configuring the Windows Firewall to allow VAMT access
+
 Enable the VAMT to access client computers using the **Windows Firewall** Control Panel:
-
 1.  Open Control Panel and double-click **System and Security**.
-
 2.  Click **Windows Firewall**.
-
 3.  Click **Allow a program or feature through Windows Firewall**.
-
 4.  Click the **Change settings** option.
-
 5.  Select the **Windows Management Instrumentation (WMI)** checkbox.
-
 6.  Click **OK**.

    **Warning**  
    By default, Windows Firewall Exceptions only apply to traffic originating on the local subnet. To expand the exception to apply to multiple subnets, you need to change the exception settings in the Windows Firewall with Advanced Security, as described below.

 ## Configure Windows Firewall to allow VAMT access across multiple subnets
+
 Enable the VAMT to access client computers across multiple subnets using the **Windows Firewall with Advanced Security** Control Panel:

 ![VAMT Firewall configuration for multiple subnets](images/dep-win8-l-vamt-firewallconfigurationformultiplesubnets.gif)

 1.  Open the Control Panel and double-click **Administrative Tools**.
-
 2.  Click **Windows Firewall with Advanced Security**.
-
 3.  Make your changes for each of the following three WMI items, for the applicable Network Profile (Domain, Public, Private):
-
    -   Windows Management Instrumentation (ASync-In)
-
    -   Windows Management Instrumentation (DCOM-In)
-
    -   Windows Management Instrumentation (WMI-In)

 4. In the **Windows Firewall with Advanced Security** dialog box, select **Inbound Rules** from the left-hand panel.
@ -60,55 +52,38 @@ Enable the VAMT to access client computers across multiple subnets using the **W
 5. Right-click the desired rule and select **Properties** to open the **Properties** dialog box.
        
    - On the **General** tab, select the **Allow the connection** checkbox.
-
    - On the **Scope** tab, change the Remote IP Address setting from "Local Subnet" (default) to allow the specific access you need.
-
    - On the **Advanced** tab, verify selection of all profiles that are applicable to the network (Domain or Private/Public).

 In certain scenarios, only a limited set of TCP/IP ports are allowed through a hardware firewall. Administrators must ensure that WMI (which relies on RPC over TCP/IP) is allowed through these types of firewalls. By default, the WMI port is a dynamically allocated random port above 1024. The following Microsoft knowledge article discusses how administrators can limit the range of dynamically-allocated ports. This is useful if, for example, the hardware firewall only allows traffic in a certain range of ports.
-
 For more info, see [How to configure RPC dynamic port allocation to work with firewalls](http://go.microsoft.com/fwlink/p/?LinkId=182911).

 ## Create a registry value for the VAMT to access workgroup-joined computer
+
 **Caution**  
 This section contains information about how to modify the registry. Make sure to back up the registry before you modify it; in addition, ensure that you know how to restore the registry, if a problem occurs. For more information about how to back up, restore, and modify the registry, see [Windows registry information for advanced users](http://go.microsoft.com/fwlink/p/?LinkId=182912).

 On the client computer, create the following registry key using regedit.exe.

 1.  Navigate to `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system`
-
 2.  Enter the following details:
-
    **Value Name: LocalAccountTokenFilterPolicy**
-
    **Type: DWORD**
-
    **Value Data: 1**
-
    **Note**  
    To discover VAMT-manageable Windows computers in workgroups, you must enable network discovery on each client.

 ## Deployment options
+
 There are several options for organizations to configure the WMI firewall exception for computers:
-
 -   **Image.** Add the configurations to the master Windows image deployed to all clients.
-
 -   **Group Policy.** If the clients are part of a domain, then all clients can be configured using Group Policy. The Group Policy setting for the WMI firewall exception is found in GPMC.MSC at: **Computer Configuration\\Windows Settings\\Security Settings\\Windows Firewall with Advanced Security\\Windows Firewall with Advanced Security\\Inbound Rules**.
-
 -   **Script.** Execute a script using Microsoft System Center Configuration Manager or a third-party remote script execution facility.
-
 -   **Manual.** Configure the WMI firewall exception individually on each client.
-
 The above configurations will open an additional port through the Windows Firewall on target computers and should be performed on computers that are protected by a network firewall. In order to allow VAMT to query the up-to-date licensing status, the WMI exception must be maintained. We recommend administrators consult their network security policies and make clear decisions when creating the WMI exception.

 ## Related topics
+
 - [Install and Configure VAMT](install-configure-vamt.md)
-
  
-
  
-
-
-
-
-
--- a/windows/deploy/configure-mdt-2013-for-userexit-scripts.md
+++ b/windows/deploy/configure-mdt-2013-for-userexit-scripts.md
@ -2,21 +2,20 @@
 title: Configure MDT for UserExit scripts (Windows 10)
 description: In this topic, you will learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address.
 ms.assetid: 29a421d1-12d2-414e-86dc-25b62f5238a7
-keywords: ["rules, script"]
-ms.prod: W10
+keywords: rules, script
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: mdt
 author: mtniehaus
 ---

 # Configure MDT for UserExit scripts

-
 In this topic, you will learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address. MDT supports calling external VBScripts as part of the Gather process; these scripts are referred to as UserExit scripts. The script also removes the colons in the MAC Address.

 ## Configure the rules to call a UserExit script

-
 You can call a UserExit by referencing the script in your rules. Then you can configure a property to be set to the result of a function of the VBScript. In this example, we have a VBScript named Setname.vbs (provided in the book sample files, in the UserExit folder).

 ``` syntax
@ -32,7 +31,6 @@ The UserExit=Setname.vbs calls the script and then assigns the computer name to

 ## The Setname.vbs UserExit script

-
 The Setname.vbs script takes the MAC Address passed from the rules. The script then does some string manipulation to add a prefix (PC) and remove the semicolons from the MAC Address.

 ``` syntax
@ -48,17 +46,13 @@ Function SetName(sMac)
  SetName = "PC" & re.Replace(sMac, "")
 End Function
 ```
-
 The first three lines of the script make up a header that all UserExit scripts have. The interesting part is the lines between Function and End Function. Those lines add a prefix (PC), remove the colons from the MAC Address, and return the value to the rules by setting the SetName value.

 **Note**  
 The purpose of this sample is not to recommend that you use the MAC Address as a base for computer naming, but to show you how to take a variable from MDT, pass it to an external script, make some changes to it, and then return the new value to the deployment process.
-
  
-
 ## Related topics

-
 [Set up MDT for BitLocker](set-up-mdt-2013-for-bitlocker.md)

 [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
@ -72,12 +66,3 @@ The purpose of this sample is not to recommend that you use the MAC Address as a
 [Use web services in MDT](use-web-services-in-mdt-2013.md)

 [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt-2013.md)
-
- 
-
- 
-
-
-
-
-
--- a/windows/deploy/configure-mdt-2013-settings.md
+++ b/windows/deploy/configure-mdt-2013-settings.md
@ -2,18 +2,17 @@
 title: Configure MDT settings (Windows 10)
 description: One of the most powerful features in Microsoft Deployment Toolkit (MDT) 2013 is its extension capabilities; there is virtually no limitation to what you can do in terms of customization.
 ms.assetid: d3e1280c-3d1b-4fad-8ac4-b65dc711f122
-keywords: ["customize, customization, deploy, features, tools"]
-ms.prod: W10
+keywords: customize, customization, deploy, features, tools
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: mdt
 author: mtniehaus
 ---

 # Configure MDT settings

-
 One of the most powerful features in Microsoft Deployment Toolkit (MDT) 2013 is its extension capabilities; there is virtually no limitation to what you can do in terms of customization. In this topic, you learn about configuring customizations for your environment.
-
 For the purposes of this topic, we will use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, MDT01 is a Windows Server 2012 R2 Standard server, and PC0001 is a Windows 10 Enterprise x64 client used for the MDT simulation environment. OR01 has Microsoft System Center 2012 R2 Orchestrator installed. MDT01, OR01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof).

 ![figure 1](images/mdt-09-fig01.png)
@ -22,26 +21,17 @@ Figure 1. The machines used in this topic.

 ## In this section

-
 -   [Set up MDT for BitLocker](set-up-mdt-2013-for-bitlocker.md)
-
 -   [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
-
 -   [Configure MDT for UserExit scripts](configure-mdt-2013-for-userexit-scripts.md)
-
 -   [Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
-
 -   [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-
 -   [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt-2013.md)
-
 -   [Use web services in MDT](use-web-services-in-mdt-2013.md)
-
 -   [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt-2013.md)

 ## Related topics

-
 [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)

 [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
@ -53,12 +43,3 @@ Figure 1. The machines used in this topic.
 [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)

 [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
-
- 
-
- 
-
-
-
-
-
--- a/windows/deploy/configure-mdt-deployment-share-rules.md
+++ b/windows/deploy/configure-mdt-deployment-share-rules.md
@ -2,34 +2,29 @@
 title: Configure MDT deployment share rules (Windows 10)
 description: In this topic, you will learn how to configure the MDT rules engine to reach out to other resources, including external scripts, databases, and web services, for additional information instead of storing settings directly in the rules engine.
 ms.assetid: b5ce2360-33cc-4b14-b291-16f75797391b
-keywords: ["rules, configuration, automate, deploy"]
-ms.prod: W10
+keywords: rules, configuration, automate, deploy
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: mdt
 author: mtniehaus
 ---

 # Configure MDT deployment share rules

-
 In this topic, you will learn how to configure the MDT rules engine to reach out to other resources, including external scripts, databases, and web services, for additional information instead of storing settings directly in the rules engine. The rules engine in MDT is powerful: most of the settings used for operating system deployments are retrieved and assigned via the rules engine. In its simplest form, the rules engine is the CustomSettings.ini text file.

 ## <a href="" id="sec01"></a>Assign settings

-
 When using MDT, you can assign setting in three distinct ways:
-
 -   You can pre-stage the information before deployment.
-
 -   You can prompt the user or technician for information.
-
 -   You can have MDT generate the settings automatically.

 In order illustrate these three options, let's look at some sample configurations.

 ## <a href="" id="sec02"></a>Sample configurations

-
 Before adding the more advanced components like scripts, databases, and web services, consider the commonly used configurations below; they demonstrate the power of the rules engine.

 ### Set computer name by MAC Address
@ -75,12 +70,10 @@ OSDComputerName=PC-%SerialNumber%
 ```

 In this sample, you configure the rules to set the computer name to a prefix (PC-) and then the serial number. If the serial number of the machine is CND0370RJ7, the preceding configuration sets the computer name to PC-CND0370RJ7.
-
 **Note**  
+
 Be careful when using the serial number to assign computer names. A serial number can contain more than 15 characters, but the Windows setup limits a computer name to 15 characters.
-
  
-
 ### Generate a limited computer name based on a serial number

 To avoid assigning a computer name longer than 15 characters, you can configure the rules in more detail by adding VBScript functions, as follows:
@ -112,7 +105,6 @@ MachineObjectOU=OU=Laptops,OU=Contoso,DC=contoso,DC=com

 ## Related topics

-
 [Set up MDT for BitLocker](set-up-mdt-2013-for-bitlocker.md)

 [Configure MDT for UserExit scripts](configure-mdt-2013-for-userexit-scripts.md)
@ -126,12 +118,3 @@ MachineObjectOU=OU=Laptops,OU=Contoso,DC=contoso,DC=com
 [Use web services in MDT](use-web-services-in-mdt-2013.md)

 [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt-2013.md)
-
- 
-
- 
-
-
-
-
-
--- a/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@ -2,8 +2,8 @@
 title: Create a custom Windows PE boot image with Configuration Manager (Windows 10)
 description: In Microsoft System Center 2012 R2 Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features.
 ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809
-keywords: ["tool, customize, deploy, boot image"]
-ms.prod: W10
+keywords: tool, customize, deploy, boot image
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
--- a/Show More
+++ b/Show More