due to error 80004005.
+
+### Workaround
+
+Our team is currently working on a fix. In the meantime, you can use the following steps to work around the issue and help unblock deployment and debugging:
+
+1. Open Visual Studio
+1. Select **File** > **New** > **Project**.
+1. Select **Visual C#** > **Windows Desktop** > **Console App (.NET Framework)**.
+1. Give the project a name (such as "HoloLensDeploymentFix") and make sure the Framework is set to at least .NET Framework 4.5, then Select **OK**.
+1. Right-click on the **References** node in Solution Explorer and add the following references (select to the **Browse** section and select **Browse**):
+
+ ``` CMD
+ C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\Microsoft.Tools.Deploy.dll
+ C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\Microsoft.Tools.Connectivity.dll
+ C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\SirepInterop.dll
+ ```
+
+ >[!NOTE]
+ >If you don't have 10.0.18362.0 installed, use the most recent version that you have.
+
+1. Right-click on the project in Solution Explorer and select **Add** > **Existing Item**.
+1. Browse to C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86 and change the filter to **All Files (\*.\*)**.
+1. Select both SirepClient.dll and SshClient.dll, and Select **Add**.
+1. Locate and select both files in Solution Explorer (they should be at the bottom of the list of files) and change **Copy to Output Directory** in the **Properties** window to **Copy always**.
+1. At the top of the file, add the following to the existing list of `using` statements:
+
+ ``` CMD
+ using Microsoft.Tools.Deploy;
+ using System.Net;
+ ```
+
+1. Inside of `static void Main(...)`, add the following code:
+
+ ``` PowerShell
+ RemoteDeployClient client = RemoteDeployClient.CreateRemoteDeployClient();
+ client.Connect(new ConnectionOptions()
+ {
+ Credentials = new NetworkCredential("DevToolsUser", string.Empty),
+ IPAddress = IPAddress.Parse(args[0])
+ });
+ client.RemoteDevice.DeleteFile(@"C:\Data\Users\DefaultAccount\AppData\Local\DevelopmentFiles\VSRemoteTools\x86\CoreCLR\mscorlib.ni.dll");
+ ```
+
+1. Select **Build** > **Build Solution**.
+1. Open a Command Prompt Window and cd to the folder that contains the compiled .exe file (for example, C:\MyProjects\HoloLensDeploymentFix\bin\Debug)
+1. Run the executable and provide the device's IP address as a command-line argument. (If connected using USB, you can use 127.0.0.1, otherwise use the device’s Wi-Fi IP address.) For example, "HoloLensDeploymentFix 127.0.0.1"
+
+1. After the tool has exited without any messages (this should only take a few seconds), you will now be able to deploy and debug from Visual Studio 2017 or newer. Continued use of the tool is not necessary.
+
+We will provide further updates as they become available.
+
+## Issues launching the Microsoft Store and apps on HoloLens
+
+> [!NOTE]
+> Last Update: 4/2 @ 10 AM - Issue resolved.
+
+You may experience issues when trying to launch the Microsoft Store and apps on HoloLens. We've determined that the issue occurs when background app updates deploy a newer version of framework packages in specific sequences while one or more of their dependent apps are still running. In this case, an automatic app update delivered a new version of the .NET Native Framework (version 10.0.25531 to 10.0.27413) caused the apps that are running to not correctly update for all running apps consuming the prior version of the framework. The flow for framework update is as follows:
+
+1. The new framework package is downloaded from the store and installed
+1. All apps using the older framework are ‘updated’ to use the newer version
+
+If step 2 is interrupted before completion then any apps for which the newer framework wasn’t registered will fail to launch from the start menu. We believe any app on HoloLens could be affected by this issue.
+
+Some users have reported that closing hung apps and launching other apps such as Feedback Hub, 3D Viewer or Photos resolves the issue for them—however, this does not work 100% of the time.
+
+We have root caused that this issue was not caused the update itself, but a bug in the OS that resulted in the .NET Native framework update being handled incorrectly. We are pleased to announce that we have identified a fix and have released an update (OS version 17763.380) containing the fix.
+
+To see if your device can take the update, please:
+
+1. Go to the Settings app and open **Update & Security**.
+1. Select **Check for Updates**.
+1. If update to 17763.380 is available, please update to this build to receive the fix for the App Hang bug
+1. Upon updating to this version of the OS, the Apps should work as expected.
+
+Additionally, as we do with every HoloLens OS release, we have posted the FFU image to the [Microsoft Download Center](https://aka.ms/hololensdownload/10.0.17763.380).
+
+If you would not like to take the update, we have released a new version of the Microsoft Store UWP app as of 3/29. After you have the updated version of the Store:
+
+1. Open the Store and confirm that it loads.
+1. Use the bloom gesture to open the menu.
+1. Attempt to open previously broken apps.
+1. If it still cannot be launched, tap and hold the icon of the broken app and select uninstall.
+1. Resinstall these apps from the store.
+
+If your device is still unable to load apps, you can sideload a version of the .NET Native Framework and Runtime through the download center by following these steps:
+
+1. Please download [this zip file](https://download.microsoft.com/download/8/5/C/85C23745-794C-419D-B8D7-115FBCCD6DA7/netfx_1.7.zip) from the Microsoft Download Center. Unzipping will produce two files. Microsoft.NET.Native.Runtime.1.7.appx and Microsoft.NET.Native.Framework.1.7.appx
+1. Please verify that your device is dev unlocked. If you haven’t done that before the instructions to do that are [here](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal).
+1. You then want to get into the Windows Device Portal. Our recommendation is to do this over USB and you would do that by typing http://127.0.0.1:10080 into your browser.
+1. After you have the Windows Device Portal up we need you to “side load” the two files that you downloaded. To do that you need to go down the left side bar until you get to the **Apps** section and select **Apps**.
+1. You will then see a screen that is similar to the below. You want to go to the section that says **Install App** and browse to where you unzipped those two APPX files. You can only do one at a time, so after you select the first one, then click on “Go” under the Deploy section. Then do this for the second APPX file.
+
+ 
+1. At this point we believe your applications should start working again and that you can also get to the Store.
+1. In some cases, it is necessary run the additional step of launching the 3D Viewer app before affected apps will launch.
+
+We appreciate your patience as we have gone through the process to get this issue resolved, and we look forward to continued working with our community to create successful Mixed Reality experiences.
+
+## Connecting to WiFi
+
+During HoloLens Setup, there is a credential timeout of 2 minutes. The username/password needs to be entered within 2 minutes otherwise the username field will be automatically cleared.
+
+We recommend using a Bluetooth keyboard for entering long passwords.
+
+> [!NOTE]
+> If the wrong network is selected during HoloLens Setup, the device will need to be fully reset. Instructions can be found [here.](hololens-restart-recover.md)
+
+## Device Update
+
+- 30 seconds after a new update, the shell may disappear one time. Please perform the **bloom** gesture to resume your session.
+
+## Visual Studio
+
+- See [Install the tools](https://docs.microsoft.com/windows/mixed-reality/install-the-tools) for the most up-to-date version of Visual Studio that is recommended for HoloLens development.
+- When deploying an app from Visual Studio to your HoloLens, you may see the error: **The requested operation cannot be performed on a file with a user-mapped section open. (Exception from HRESULT: 0x800704C8)**. If this happens, try again and your deployment will generally succeed.
+
+## Emulator
+
+- Not all apps in the Microsoft Store are compatible with the emulator. For example, Young Conker and Fragments are not playable on the emulator.
+- You cannot use the PC webcam in the Emulator.
+- The Live Preview feature of the Windows Device Portal does not work with the emulator. You can still capture Mixed Reality videos and images.
+
+## Unity
+
+- See [Install the tools](https://docs.microsoft.com/windows/mixed-reality/install-the-tools) for the most up-to-date version of Unity recommended for HoloLens development.
+- Known issues with the Unity HoloLens Technical Preview are documented in the [HoloLens Unity forums](https://forum.unity3d.com/threads/known-issues.394627/).
+
+## Windows Device Portal
+
+- The Live Preview feature in Mixed Reality capture may exhibit several seconds of latency.
+- On the Virtual Input page, the Gesture and Scroll controls under the Virtual Gestures section are not functional. Using them will have no effect. The virtual keyboard on the same page works correctly.
+- After enabling Developer Mode in Settings, it may take a few seconds before the switch to turn on the Device Portal is enabled.
+
+## API
+
+- If the application sets the [focus point](https://docs.microsoft.com/windows/mixed-reality/focus-point-in-unity) behind the user or the normal to camera.forward, holograms will not appear in Mixed Reality Capture photos or videos. Until this bug is fixed in Windows, if applications actively set the [focus point](https://docs.microsoft.com/windows/mixed-reality/focus-point-in-unity) they should ensure the plane normal is set opposite camera-forward (for example, normal = -camera.forward).
+
+## Xbox Wireless Controller
+
+- Xbox Wireless Controller S must be updated before it can be used with HoloLens. Ensure you are [up to date](https://support.xbox.com/xbox-one/accessories/update-controller-for-stereo-headset-adapter) before attempting to pair your controller with a HoloLens.
+- If you reboot your HoloLens while the Xbox Wireless Controller is connected, the controller will not automatically reconnect to HoloLens. The Guide button light will flash slowly until the controller powers off after 3 minutes. To reconnect your controller immediately, power off the controller by holding the Guide button until the light turns off. When you power your controller on again, it will reconnect to HoloLens.
+- If your HoloLens enters standby while the Xbox Wireless Controller is connected, any input on the controller will wake the HoloLens. You can prevent this by powering off your controller when you are done using it.
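Review bot: The fences in the Workaround steps carry the wrong language tags: the `using` statements are tagged `CMD` and the C# body for `static void Main(...)` is tagged `PowerShell`, so both should be `csharp`, and the list of DLL paths is not a command either. The `Main` snippet also reads `args[0]` with no length check, so running the tool without an IP address throws instead of printing usage; a short guard before `IPAddress.Parse(args[0])` would make the failure obvious. Smaller fixes in the same hunk: "select to the **Browse** section", "was not caused the update itself", "Resinstall", and "it is necessary run".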
diff --git a/devices/hololens/hololens-multiple-users.md b/devices/hololens/hololens-multiple-users.md
index 70bee8bc2d..d9d6704c78 100644
--- a/devices/hololens/hololens-multiple-users.md
+++ b/devices/hololens/hololens-multiple-users.md
@@ -21,6 +21,8 @@ It's common to share one HoloLens with many people or to have many people share
## Share with multiple people, each using their own account
+**Prerequisite**: The HoloLens device must be running Windows 10, version 1803 or later. HoloLens (1st gen) also need to be [upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md).
+
When they use their own Azure Active Directory (Azure AD) accounts, multiple users can each keep their own user settings and user data on the device.
To make sure that multiple people can use their own accounts on your HoloLens, follow these steps to configure it:
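Review bot: In the added **Prerequisite** line, "HoloLens (1st gen) also need to be" has a subject-verb mismatch; use "HoloLens (1st gen) devices also need to be upgraded" or "also needs to be". It would also help to say whether the Windows Holographic for Business upgrade is needed in addition to version 1803 or is an alternative requirement, since the two sentences read as independent conditions.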
diff --git a/devices/hololens/hololens-status.md b/devices/hololens/hololens-status.md
index 9438c6d9d2..ca4e503851 100644
--- a/devices/hololens/hololens-status.md
+++ b/devices/hololens/hololens-status.md
@@ -16,7 +16,7 @@ ms.sitesec: library
✔️ **All services are active**
-**Key** ✔️ Good, ⓘ Information, ⚠ Warning, ❌ Critical
+**Key** ✔️ Good, ⓘ Information, ⚠ Warning, ❌ Critical
Area|HoloLens (1st gen)|HoloLens 2
----|:----:|:----:
@@ -27,10 +27,10 @@ Area|HoloLens (1st gen)|HoloLens 2
## Notes and related topics
-[Frequently asked questions about using Skype for HoloLens](https://support.skype.com/en/faq/FA34641/frequently-asked-questions-about-using-skype-for-hololens)
+[Frequently asked questions about using Skype for HoloLens](https://support.skype.com/faq/FA34641/frequently-asked-questions-about-using-skype-for-hololens)
For more details about the status of the myriad Azure Services that can connect to HoloLens, see [Azure status](https://azure.microsoft.com/status/).
-For more details about current known issues, see [HoloLens known issues](https://docs.microsoft.com/windows/mixed-reality/hololens-known-issues).
+For more details about current known issues, see [HoloLens known issues](hololens-known-issues.md).
Follow HoloLens on [Twitter](https://twitter.com/HoloLens) and subscribe on [Reddit](https://www.reddit.com/r/HoloLens/).
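Review bot: The known-issues link changes from an absolute docs.microsoft.com URL under windows/mixed-reality to the relative `hololens-known-issues.md`, which only resolves if that file is added under devices/hololens/ in this same change; please confirm it is, otherwise the build will report a broken link. The Skype link drops the `/en` locale segment, which is consistent with the locale-free links elsewhere in the file.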
diff --git a/devices/hololens/images/20190322-DevicePortal.png b/devices/hololens/images/20190322-DevicePortal.png
new file mode 100644
index 0000000000..7fdd2e34b3
Binary files /dev/null and b/devices/hololens/images/20190322-DevicePortal.png differ
diff --git a/devices/hololens/index.md b/devices/hololens/index.md
index 2db4f6d0c9..6725da5e81 100644
--- a/devices/hololens/index.md
+++ b/devices/hololens/index.md
@@ -1,6 +1,6 @@
---
-title: Microsoft HoloLens (HoloLens)
-description: Landing page for HoloLens commercial and enterprise management.
+title: Microsoft HoloLens
+description: Landing page Microsoft HoloLens.
ms.prod: hololens
ms.sitesec: library
ms.assetid: 0947f5b3-8f0f-42f0-aa27-6d2cad51d040
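Review bot: The new `description: Landing page Microsoft HoloLens.` is missing a preposition and is less informative than the line it replaces. Suggest something like "Landing page for Microsoft HoloLens." and keeping a few words on what the section covers, since this text is what search results show.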
@@ -8,7 +8,12 @@ author: scooley
ms.author: scooley
ms.topic: article
ms.localizationpriority: medium
-ms.date: 07/14/2019
+ms.date: 10/14/2019
+audience: ITPro
+appliesto:
+- HoloLens 1
+- HoloLens 2
+
---
# Microsoft HoloLens
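Review bot: The front matter here adds `audience: ITPro`, while the Surface files in this same patch add `ms.audience: itpro`; the key name and the casing of the value should match across the docset so metadata filters pick up both. The blank line added before the closing `---` is also unnecessary inside the front matter block.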
@@ -21,33 +26,33 @@ ms.date: 07/14/2019
To learn more about HoloLens 2 for developers, check out the mixed reality developer documentation.
- |
+To buy HoloLens, check out HoloLens pricing and sales on microsoft.com/HoloLens.
+
+
+ |
## Guides in this section
| Guide | Description |
| --- | --- |
-| [Get started with HoloLens](hololens1-setup.md) | Set up HoloLens for the first time. |
-| [Deploy HoloLens in a commercial environment](hololens-requirements.md) | Configure HoloLens for scale enterprise deployment and ongoing device management. |
-| [Recover and troubleshoot HoloLens issues](https://support.microsoft.com/products/hololens) | Learn how to gather logs from HoloLens, recover a misbehaving device, or reset HoloLens when necessary. |
-| [Get support](https://support.microsoft.com/products/hololens) |Connect with Microsoft support resources for HoloLens in enterprise. |
+| [Get started with HoloLens 2](hololens2-setup.md) | Set up HoloLens 2 for the first time. |
+| [Get started with HoloLens (1st gen)](hololens1-setup.md) | Set up HoloLens (1st gen) for the first time. |
+| [Get started with HoloLens in a commercial or classroom environment](hololens-requirements.md) | Plan for a multi-device HoloLens deployment and create a strategy for ongoing device management.This section is tailored to IT professionals managing devices with existing device management infrastructure. |
## Quick reference by topic
| Topic | Description |
| --- | --- |
-| [What's new in Microsoft HoloLens](hololens-whats-new.md) | Discover new features in the latest updates. |
-| [Configure HoloLens using a provisioning package](hololens-provisioning.md) | Provisioning packages make it easy for IT administrators to configure HoloLens devices without imaging |
-| [HoloLens MDM support](hololens-enroll-mdm.md) | Manage multiple HoloLens devices simultaneously using Mobile Device Management (MDM) solutions like Microsoft Intune. |
+| [What's new in HoloLens](hololens-whats-new.md) | Discover new features in the latest updates via HoloLens release notes. |
+| [Install and manage applications on HoloLens](hololens-install-apps.md) | Install and manage important applications on HoloLens at scale. |
| [HoloLens update management](hololens-updates.md) | Use mobile device management (MDM) policies to configure settings for updates. |
| [HoloLens user management](hololens-multiple-users.md) | Multiple users can shared a HoloLens device by using their Azure Active Directory accounts. |
| [HoloLens application access management](hololens-kiosk.md) | Manage application access for different user groups. |
-| [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | Learn how to use Bitlocker device encryption to protect files and information stored on the HoloLens. |
-| [Install localized version of HoloLens](hololens1-install-localized.md) | Configure HoloLens for different locale. |
+| [Recover and troubleshoot HoloLens issues](https://support.microsoft.com/products/hololens) | Learn how to gather logs from HoloLens, recover a misbehaving device, or reset HoloLens when necessary. |
+| [Get support](https://support.microsoft.com/products/hololens) | Connect with Microsoft support resources for HoloLens in enterprise. |
## Related resources
* [Documentation for Holographic app development](https://developer.microsoft.com/windows/mixed-reality/development)
-* [HoloLens Commercial Suite](https://www.microsoft.com/microsoft-hololens/hololens-commercial)
* [HoloLens release notes](https://developer.microsoft.com/windows/mixed-reality/release_notes)
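Review bot: The quick-reference table drops the rows for provisioning packages, MDM enrollment and BitLocker device encryption without adding replacement entries, so the landing page no longer points to the encryption or enrollment guidance; if those pages still exist, keep the rows or link them from the new "commercial or classroom environment" guide. In the added guide row, "management.This section" is missing a space, and the new "To buy HoloLens" sentence names microsoft.com/HoloLens without making it a link.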
diff --git a/devices/surface/battery-limit.md b/devices/surface/battery-limit.md
index 48b26edcc5..a24ae8e7b8 100644
--- a/devices/surface/battery-limit.md
+++ b/devices/surface/battery-limit.md
@@ -11,6 +11,8 @@ ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Battery Limit setting
diff --git a/devices/surface/deploy.md b/devices/surface/deploy.md
index 08149e26b7..68749b654c 100644
--- a/devices/surface/deploy.md
+++ b/devices/surface/deploy.md
@@ -11,6 +11,8 @@ ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Deploy Surface devices
@@ -39,19 +41,7 @@ Learn about about deploying ARM- and Intel-based Surface devices.
| [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)| See how Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices. |
[Battery Limit setting](battery-limit.md) | Learn how to use Battery Limit, a UEFI setting that changes how the Surface device battery is charged and may prolong its longevity.
-
-
-
-
## Related topics
-[Surface for IT pros blog](http://blogs.technet.com/b/surface/)
-
-
-
-
-
-
-
-
+[Surface IT Pro Blog](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro)
diff --git a/devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md b/devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md
index 3fa2512ccf..e04ff8e6ba 100644
--- a/devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md
+++ b/devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md
@@ -11,6 +11,8 @@ ms.author: v-tea
ms.topic: article
ms.date: 10/2/2019
ms.reviewer: scottmca
+ms.localizationpriority: medium
+ms.audience: itpro
manager: jarrettr
appliesto:
- Surface Laptop (1st Gen)
diff --git a/devices/surface/images/manage-surface-uefi-fig5a.png b/devices/surface/images/manage-surface-uefi-fig5a.png
new file mode 100644
index 0000000000..7baecb2fff
Binary files /dev/null and b/devices/surface/images/manage-surface-uefi-fig5a.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig7a.png b/devices/surface/images/manage-surface-uefi-fig7a.png
new file mode 100644
index 0000000000..62e6536ea8
Binary files /dev/null and b/devices/surface/images/manage-surface-uefi-fig7a.png differ
diff --git a/devices/surface/ltsb-for-surface.md b/devices/surface/ltsb-for-surface.md
index 225135d993..5e14c8444d 100644
--- a/devices/surface/ltsb-for-surface.md
+++ b/devices/surface/ltsb-for-surface.md
@@ -10,6 +10,8 @@ ms.author: dansimp
ms.topic: article
ms.reviewer:
manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Long-Term Servicing Channel (LTSC) for Surface devices
@@ -28,23 +30,7 @@ General-purpose Surface devices are intended to run on the Semi-Annual Channel t
Surface devices in specialized scenarios–such as PCs that control medical equipment, point-of-sale systems, and ATMs–might consider the use of LTSC. These special-purpose systems typically perform a single task and do not require feature updates as frequently as other devices in the organization.
-
-
-
-
## Related topics
-- [Surface TechCenter](https://technet.microsoft.com/windows/surface)
-
-- [Surface for IT pros blog](http://blogs.technet.com/b/surface/)
-
-
-
-
-
-
-
-
-
-
+- [Surface IT Pro Blog](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro)
diff --git a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
index ede174d674..e43a14a63b 100644
--- a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
+++ b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
@@ -1,6 +1,6 @@
---
title: Best practice power settings for Surface devices
-description: This topic provides best practice recommendations for maintaining optimal power settings and explains how Surface streamlines the power management experience.
+description: This topic provides best practice recommendations for maintaining optimal power settings and explains how Surface streamlines the power management experience. This article applies to all currently supported Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@@ -9,7 +9,9 @@ ms.author: dansimp
ms.topic: article
ms.reviewer:
manager: dansimp
-ms.date: 08/21/2019
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/28/2019
---
# Best practice power settings for Surface devices
@@ -49,7 +51,7 @@ module (SAM). The SAM chip functions as the Surface device power-policy
owner, using algorithms to calculate optimal power requirements. It
works in conjunction with Windows power manager to allocate or throttle
only the exact amount of power required for hardware components to
-function.
+function. This article applies to all currently supported Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3.
## Utilizing the custom power profile in Surface
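Review bot: The sentence appended after "function." is about which devices the article applies to, but it lands at the end of the paragraph describing the SAM chip and Windows power manager, where it reads as a non sequitur. Move it to the article introduction or give it its own line; it also repeats the sentence added to `description` in the first hunk of this file, so one of the two copies may be enough.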
diff --git a/devices/surface/manage-surface-uefi-settings.md b/devices/surface/manage-surface-uefi-settings.md
index 4de1914275..d205908048 100644
--- a/devices/surface/manage-surface-uefi-settings.md
+++ b/devices/surface/manage-surface-uefi-settings.md
@@ -17,22 +17,25 @@ manager: dansimp
# Manage Surface UEFI settings
-Current and future generations of Surface devices, including Surface Pro 7, Surface Book 2, and Surface Studio 2,use a unique UEFI firmware engineered by Microsoft specifically for these devices. This firmware allows for significantly greater control of the device’s operation over firmware versions in earlier generation Surface devices, including the support for touch, mouse, and keyboard operation. By using the Surface UEFI settings you can easily enable or disable internal devices or components, configure security to protect UEFI settings from being changed, and adjust the Surface device boot settings.
-
->[!NOTE]
->Surface Pro 3, Surface 3, Surface Pro 2, Surface 2, Surface Pro, and Surface do not use the Surface UEFI and instead use firmware provided by third-party manufacturers, such as AMI.
-
-You can enter the Surface UEFI settings on your Surface device by pressing the **Volume Up** button and the **Power** button simultaneously. Hold the **Volume Up** button until the Surface logo is displayed, which indicates that the device has begun to boot.
+All current and future generations of Surface devices use a unique Unified Extensible Firmware Interface (UEFI) engineered by Microsoft specifically for these devices. Surface UEFI settings provide the ability to enable or disable built-in devices and components, protect UEFI settings from being changed, and adjust the Surface device boot settings.
## Support for cloud-based management
+
With Device Firmware Configuration Interface (DFCI) profiles built into Microsoft Intune (now available in public preview), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. DFCI is currently available for Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information, refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md).
+## Open Surface UEFI menu
-## PC information
+To adjust UEFI settings during system startup:
-On the **PC information** page, detailed information about your Surface device is provided:
+1. Shut down your Surface and wait about 10 seconds to make sure it's off.
+2. Press and hold the **Volume-up** button and - at the same time - press and release the **Power button.**
+3. As the Microsoft or Surface logo appears on your screen, continue to hold the **Volume-up** button until the UEFI screen appears.
-- **Model** – Your Surface device’s model will be displayed here, such as Surface Book or Surface Pro 4. The exact configuration of your device is not shown, (such as processor, disk size, or memory size).
+## UEFI PC information page
+
+The PC information page includes detailed information about your Surface device:
+
+- **Model** – Your Surface device’s model will be displayed here, such as Surface Book 2 or Surface Pro 7. The exact configuration of your device is not shown, (such as processor, disk size, or memory size).
- **UUID** – This Universally Unique Identification number is specific to your device and is used to identify the device during deployment or management.
- **Serial Number** – This number is used to identify this specific Surface device for asset tagging and support scenarios.
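Review bot: The rewritten introduction removes the note that Surface Pro 3, Surface 3, Surface Pro 2, Surface 2, Surface Pro, and Surface use third-party firmware rather than Surface UEFI, while the new text says "All current and future generations"; readers with those older devices lose the only statement that this page does not apply to them, so consider keeping the note. In step 2 of the new procedure the closing period sits inside the bold span (`**Power button.**`); move it outside.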
@@ -56,9 +59,9 @@ You will also find detailed information about the firmware of your Surface devic
You can find up-to-date information about the latest firmware version for your Surface device in the [Surface Update History](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history) for your device.
-## Security
+## UEFI Security page
-On the **Security** page of Surface UEFI settings, you can set a password to protect UEFI settings. This password must be entered when you boot the Surface device to UEFI. The password can contain the following characters (as shown in Figure 2):
+The Security page allows you to set a password to protect UEFI settings. This password must be entered when you boot the Surface device to UEFI. The password can contain the following characters (as shown in Figure 2):
- Uppercase letters: A-Z
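Review bot: The new heading `## UEFI Security page` (like `## UEFI PC information page` in the previous hunk) follows a different pattern from the `## UEFI menu: Devices`, `## UEFI menu: Boot configuration` and `## UEFI menu: Management` headings introduced later in this file. Pick one form for all of the page headings so the table of contents reads consistently.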
@@ -74,21 +77,21 @@ The password must be at least 6 characters and is case sensitive.
*Figure 2. Add a password to protect Surface UEFI settings*
-On the **Security** page you can also change the configuration of Secure Boot on your Surface device. Secure Boot technology prevents unauthorized boot code from booting on your Surface device, which protects against bootkit and rootkit-type malware infections. You can disable Secure Boot to allow your Surface device to boot third-party operating systems or bootable media. You can also configure Secure Boot to work with third-party certificates, as shown in Figure 3. Read more about [Secure Boot](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/secure-boot-overview) in the TechNet Library.
+On the Security page you can also change the configuration of Secure Boot on your Surface device. Secure Boot technology prevents unauthorized boot code from booting on your Surface device, which protects against bootkit and rootkit-type malware infections. You can disable Secure Boot to allow your Surface device to boot third-party operating systems or bootable media. You can also configure Secure Boot to work with third-party certificates, as shown in Figure 3. Read more about [Secure Boot](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/secure-boot-overview) in the TechNet Library.

*Figure 3. Configure Secure Boot*
-You can also enable or disable the Trusted Platform Module (TPM) device on the **Security** page, as shown in Figure 4. The TPM is used to authenticate encryption for your device’s data with BitLocker. Read more about [BitLocker](https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-overview) in the TechNet Library.
+You can also enable or disable the Trusted Platform Module (TPM) device on the Security page, as shown in Figure 4. The TPM is used to authenticate encryption for your device’s data with BitLocker. Read more about [BitLocker](https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-overview) in the TechNet Library.

*Figure 4. Configure Surface UEFI security settings*
-## Devices
+## UEFI menu: Devices
-On the **Devices** page you can enable or disable specific devices and components of your Surface device. Devices that you can enable or disable on this page include:
+The Devices page allows you to enable or disable specific devices and components including:
- Docking and USB Ports
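Review bot: The two rewritten Security paragraphs keep their msdn.microsoft.com and technet.microsoft.com links and the "in the TechNet Library" wording, even though the Secure Boot link points to MSDN and other hunks in this patch move legacy TechNet links to current locations. Since these lines are being touched anyway, update the link targets and drop or correct the library name.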
@@ -106,13 +109,13 @@ On the **Devices** page you can enable or disable specific devices and component
Each device is listed with a slider button that you can move to **On** (enabled) or **Off** (disabled) position, as shown in Figure 5.
-
+
*Figure 5. Enable and disable specific devices*
-## Boot configuration
+## UEFI menu: Boot configuration
-On the **Boot Configuration** page, you can change the order of your boot devices and/or enable or disable boot of the following devices:
+The Boot Configuration page allows you to change the order of your boot devices as well as enable or disable boot of the following devices:
- Windows Boot Manager
@@ -132,68 +135,83 @@ For the specified boot order to take effect, you must set the **Enable Alternate
You can also turn on and off IPv6 support for PXE with the **Enable IPv6 for PXE Network Boot** option, for example when performing a Windows deployment using PXE where the PXE server is configured for IPv4 only.
+## UEFI menu: Management
+The Management page allows you to manage use of Zero Touch UEFI Management and other features on eligible devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3.
-## Exit
+
+*Figure 7. Manage access to Zero Touch UEFI Management and other features*
-Use the **Restart Now** button on the **Exit** page to exit UEFI settings, as shown in Figure 7.
+
+Zero Touch UEFI Management lets you remotely manage UEFI settings by using a device profile within Intune called Device Firmware Configuration Interface (DFCI). If you do not configure this setting, the ability to manage eligible devices with DFCI is set to **Ready**. To prevent DFCI, select **Opt-Out**.
+
+> [!NOTE]
+> The UEFI Management settings page and use of DFCI is only available on Surface Pro 7, Surface Pro X, and Surface Laptop 3.
+
+For more information, refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md).
+
+## UEFI menu: Exit
+
+Use the **Restart Now** button on the **Exit** page to exit UEFI settings, as shown in Figure 8.

-*Figure 7. Click Restart Now to exit Surface UEFI and restart the device*
+*Figure 8. Click Restart Now to exit Surface UEFI and restart the device*
## Surface UEFI boot screens
-When you update Surface device firmware, by using either Windows Update or manual installation, the updates are not applied immediately to the device, but instead during the next reboot cycle. You can find out more about the Surface firmware update process in [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates). The progress of the firmware update is displayed on a screen with progress bars of differing colors to indicate the firmware for each component. Each component’s progress bar is shown in Figures 8 through 17.
+When you update Surface device firmware, by using either Windows Update or manual installation, the updates are not applied immediately to the device, but instead during the next reboot cycle. You can find out more about the Surface firmware update process in [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates). The progress of the firmware update is displayed on a screen with progress bars of differing colors to indicate the firmware for each component. Each component’s progress bar is shown in Figures 9 through 18.

-*Figure 8. The Surface UEFI firmware update displays a blue progress bar*
+*Figure 9. The Surface UEFI firmware update displays a blue progress bar*

-*Figure 9. The System Embedded Controller firmware update displays a green progress bar*
+*Figure 10. The System Embedded Controller firmware update displays a green progress bar*

-*Figure 10. The SAM Controller firmware update displays an orange progress bar*
+*Figure 11. The SAM Controller firmware update displays an orange progress bar*

-*Figure 11. The Intel Management Engine firmware update displays a red progress bar*
+*Figure 12. The Intel Management Engine firmware update displays a red progress bar*

-*Figure 12. The Surface touch firmware update displays a gray progress bar*
+*Figure 13. The Surface touch firmware update displays a gray progress bar*

-*Figure 13. The Surface KIP firmware update displays a light green progress bar*
+*Figure 14. The Surface KIP firmware update displays a light green progress bar*

-*Figure 14. The Surface ISH firmware update displays a light pink progress bar*
+*Figure 15. The Surface ISH firmware update displays a light pink progress bar*

-*Figure 15. The Surface Trackpad firmware update displays a pink progress bar*
+*Figure 16. The Surface Trackpad firmware update displays a pink progress bar*

-*Figure 16. The Surface TCON firmware update displays a light gray progress bar*
+*Figure 17. The Surface TCON firmware update displays a light gray progress bar*

-*Figure 17. The Surface TPM firmware update displays a purple progress bar*
+*Figure 18. The Surface TPM firmware update displays a purple progress bar*
>[!NOTE]
->An additional warning message that indicates Secure Boot is disabled is displayed, as shown in Figure 18.
+>An additional warning message that indicates Secure Boot is disabled is displayed, as shown in Figure 19.

-*Figure 18. Surface boot screen that indicates Secure Boot has been disabled in Surface UEFI settings*
+*Figure 19. Surface boot screen that indicates Secure Boot has been disabled in Surface UEFI settings*
## Related topics
-[Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md)
+- [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md)
+
+- [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)
\ No newline at end of file
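Review bot: The new "UEFI menu: Management" section names the eligible devices twice, once in its opening sentence and again in the NOTE ("only available on Surface Pro 7, Surface Pro X, and Surface Laptop 3"), so the two lists can drift apart when another model is added. Keep the list in one place, and change "use of DFCI is only available" to "are only available" if the NOTE stays. The Figure 7 caption is never referenced from the body text, unlike "as shown in Figure 8" in the Exit section. The Related topics change also leaves the file without a trailing newline.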
diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md
index 4a37b1fd9d..93f0212193 100644
--- a/devices/surface/microsoft-surface-brightness-control.md
+++ b/devices/surface/microsoft-surface-brightness-control.md
@@ -11,6 +11,8 @@ ms.topic: article
ms.date: 1/15/2019
ms.reviewer: hachidan
manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Surface Brightness Control
diff --git a/devices/surface/support-solutions-surface.md b/devices/surface/support-solutions-surface.md
index 39f66879fb..8dd12ede7c 100644
--- a/devices/surface/support-solutions-surface.md
+++ b/devices/surface/support-solutions-surface.md
@@ -14,6 +14,7 @@ ms.author: dansimp
ms.topic: article
ms.date: 09/26/2019
ms.localizationpriority: medium
+ms.audience: itpro
---
# Top support solutions for Surface devices
diff --git a/devices/surface/surface-diagnostic-toolkit-business.md b/devices/surface/surface-diagnostic-toolkit-business.md
index 28726e9c2d..9576334c98 100644
--- a/devices/surface/surface-diagnostic-toolkit-business.md
+++ b/devices/surface/surface-diagnostic-toolkit-business.md
@@ -3,7 +3,7 @@ title: Deploy Surface Diagnostic Toolkit for Business
description: This topic explains how to use the Surface Diagnostic Toolkit for Business.
ms.prod: w10
ms.mktglfcycl: manage
-ms.localizationpriority: normal
+ms.localizationpriority: medium
ms.sitesec: library
author: dansimp
ms.author: dansimp
@@ -172,9 +172,10 @@ You can select to run a wide range of logs across applications, drivers, hardwar
## Changes and updates
### Version 2.43.139.0
*Release date: October 21, 2019*
-This version of Surface Diagnostic Toolkit for Business adds support for the following:
--Surface Pro 7
--Surface Laptop 3
+This version of Surface Diagnostic Toolkit for Business adds support for the following:
+
+- Surface Pro 7
+- Surface Laptop 3
### Version 2.42.139.0
*Release date: September 24, 2019*
diff --git a/devices/surface/surface-diagnostic-toolkit-command-line.md b/devices/surface/surface-diagnostic-toolkit-command-line.md
index 7359067813..f1e3460df4 100644
--- a/devices/surface/surface-diagnostic-toolkit-command-line.md
+++ b/devices/surface/surface-diagnostic-toolkit-command-line.md
@@ -16,7 +16,7 @@ ms.audience: itpro
# Run Surface Diagnostic Toolkit for Business using commands
-Running the Surface Diagnostic Toolkit (SDT) at a command prompt requires downloading the STD app console. After it's installed, you can run SDT at a command prompt via the Windows command console (cmd.exe) or using Windows PowerShell, including PowerShell Integrated Scripting Environment (ISE), which provides support for autocompletion of commands, copy/paste, and other features.
+Running the Surface Diagnostic Toolkit (SDT) at a command prompt requires downloading the STD app console. After it's installed, you can run SDT at a command prompt via the Windows command console (cmd.exe) or using Windows PowerShell, including PowerShell Integrated Scripting Environment (ISE), which provides support for autocompletion of commands, copy/paste, and other features. For a list of supported Surface devices in SDT, refer to [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md).
>[!NOTE]
>To run SDT using commands, you must be signed in to the Administrator account or signed in to an account that is a member of the Administrator group on your Surface device.
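Review bot: The rewritten opening sentence still says "requires downloading the STD app console"; the abbreviation introduced in the same sentence is SDT, so this should read "SDT app console". Since the line is being touched anyway, fix it in this change.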
diff --git a/devices/surface/surface-diagnostic-toolkit-desktop-mode.md b/devices/surface/surface-diagnostic-toolkit-desktop-mode.md
index 4d8b505670..6f7e8b6263 100644
--- a/devices/surface/surface-diagnostic-toolkit-desktop-mode.md
+++ b/devices/surface/surface-diagnostic-toolkit-desktop-mode.md
@@ -10,13 +10,14 @@ ms.topic: article
ms.date: 11/15/2018
ms.reviewer: hachidan
manager: dansimp
-ms.localizationpriority: normal
+ms.localizationpriority: medium
ms.audience: itpro
---
# Use Surface Diagnostic Toolkit for Business in desktop mode
-This topic explains how to use the Surface Diagnostic Toolkit (SDT) to help users in your organization run the tool to identify and diagnose issues with the Surface device. Successfully running SDT can quickly determine if a reported issue is caused by failed hardware or user error.
+This topic explains how to use the Surface Diagnostic Toolkit (SDT) to help users in your organization run the tool to identify and diagnose issues with the Surface device. Successfully running SDT can quickly determine if a reported issue is caused by failed hardware or user error. For a list of supported Surface devices in SDT, refer to [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md).
+
1. Direct the user to install [the SDT package](surface-diagnostic-toolkit-business.md#create-custom-sdt) from a software distribution point or network share. After it is installed, you’re ready to guide the user through a series of tests.
diff --git a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md
index 35c9b5f49f..df3918d715 100644
--- a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md
+++ b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md
@@ -10,7 +10,7 @@ ms.topic: article
ms.date: 06/11/2019
ms.reviewer: cottmca
manager: dansimp
-ms.localizationpriority: normal
+ms.localizationpriority: medium
ms.audience: itpro
---
diff --git a/devices/surface/surface-enterprise-management-mode.md b/devices/surface/surface-enterprise-management-mode.md
index 32c1f38406..d70468adaa 100644
--- a/devices/surface/surface-enterprise-management-mode.md
+++ b/devices/surface/surface-enterprise-management-mode.md
@@ -12,6 +12,8 @@ ms.topic: article
ms.date: 01/06/2017
ms.reviewer:
manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Microsoft Surface Enterprise Management Mode
@@ -19,12 +21,14 @@ manager: dansimp
Microsoft Surface Enterprise Management Mode (SEMM) is a feature of Surface devices with Surface UEFI that allows you to secure and manage firmware settings within your organization. With SEMM, IT professionals can prepare configurations of UEFI settings and install them on a Surface device. In addition to the ability to configure UEFI settings, SEMM also uses a certificate to protect the configuration from unauthorized tampering or removal.
>[!NOTE]
->SEMM is only available on devices with Surface UEFI firmware such as Surface Pro 4 and later, Surface Go, Surface Laptop, Surface Book, and Surface Studio. For more information about Surface UEFI, see [Manage Surface UEFI Settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings).
+>SEMM is only available on devices with Surface UEFI firmware.
+
When Surface devices are configured by SEMM and secured with the SEMM certificate, they are considered *enrolled* in SEMM. When the SEMM certificate is removed and control of UEFI settings is returned to the user of the device, the Surface device is considered *unenrolled* in SEMM.
There are two administrative options you can use to manage SEMM and enrolled Surface devices – a standalone tool or integration with System Center Configuration Manager. The SEMM standalone tool, called the Microsoft Surface UEFI Configurator, is described in this article. For more information about how to manage SEMM with System Center Configuration Manager, see [Use System Center Configuration Manager to manage devices with SEMM](https://technet.microsoft.com/itpro/surface/use-system-center-configuration-manager-to-manage-devices-with-semm).
+
## Microsoft Surface UEFI Configurator
The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown in Figure 1. Microsoft Surface UEFI Configurator is a tool that is used to create Windows Installer (.msi) packages or WinPE images that are used to enroll, configure, and unenroll SEMM on a Surface device. These packages contain a configuration file where the settings for UEFI are specified. SEMM packages also contain a certificate that is installed and stored in firmware and used to verify the signature of configuration files before UEFI settings are applied.
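Review bot: The shortened NOTE ("SEMM is only available on devices with Surface UEFI firmware.") no longer tells the reader which devices those are, and it drops the link to Manage Surface UEFI Settings that explained the term. If the device list was removed to avoid maintaining it here, keep at least a link to the topic that does list supported devices so an administrator can check eligibility before planning enrollment.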
@@ -33,8 +37,6 @@ The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown i
*Figure 1. Microsoft Surface UEFI Configurator*
->[!NOTE]
->Windows 10 is required to run Microsoft Surface UEFI Configurator
You can use the Microsoft Surface UEFI Configurator tool in three modes:
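Review bot: The NOTE stating that Windows 10 is required to run Microsoft Surface UEFI Configurator is removed with no replacement. If the requirement still applies, state it elsewhere in the article; if it no longer applies, say so in the commit description so the removal is traceable.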
@@ -62,17 +64,11 @@ See the [Surface Enterprise Management Mode certificate requirements](#surface-e
After a device is enrolled in SEMM, the configuration file is read and the settings specified in the file are applied to UEFI. When you run a configuration package on a device that is already enrolled in SEMM, the signature of the configuration file is checked against the certificate that is stored in the device firmware. If the signature does not match, no changes are applied to the device.
-You can use Surface UEFI settings to enable or disable the operation of individual components, such as cameras, wireless communication, or docking USB port (as shown in Figure 3), and configure advanced settings (as shown in Figure 4).
+### Enable or disable devices in Surface UEFI with SEMM
-
+ The built in devices that appear in the UEFI Devices page may vary depending on your device or corporate environment; for example, LTE only appears on devices equipped with LTE support.
-*Figure 3. Enable or disable devices in Surface UEFI with SEMM*
-
-
-
-*Figure 4. Configure advanced settings with SEMM*
-
-You can enable or disable the following devices with SEMM:
+ The following list shows all the available devices you can manage in SEMM:
* Docking USB Port
* On-board Audio
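Review bot: The two added paragraphs ("The built in devices that appear..." and "The following list shows...") start with a leading space that the surrounding paragraphs do not have, and "built in" should be hyphenated as "built-in". The captions for Figures 3 and 4 are deleted here, so check that no remaining text in the article still points at those figures under their old numbers.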
@@ -86,31 +82,38 @@ You can enable or disable the following devices with SEMM:
* Wi-Fi and Bluetooth
* LTE
-You can configure the following advanced settings with SEMM:
+### Configure advanced settings with SEMM
+**Table 1. Advanced settings**
+
+| Setting | Description |
+| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| IPv6 for PXE Boot | Allows you to manage Ipv6 support for PXE boot. If you do not configure this setting, IPv6 support for PXE boot is disabled. |
+| Alternate Boot | Allows you to manage use of an Alternate boot order to boot directly to a USB or Ethernet device by pressing both the Volume Down button and Power button during boot. If you do not configure this setting, Alternate boot is enabled. |
+| Boot Order Lock | Allows you to lock the boot order to prevent changes. If you do not configure this setting, Boot Order Lock is disabled. |
+| USB Boot | Allows you to manage booting to USB devices. If you do not configure this setting, USB Boot is enabled. |
+| Network Stack | Allows you to manage Network Stack boot settings. If you do not configure this setting, the ability to manage Network Stack boot settings is enabled. |
+| Auto Power On | Allows you to manage Auto Power On boot settings. If you do not configure this setting, Auto Power on is enabled. |
+| Simultaneous Multi-Threading (SMT) | Allows you to manage Simultaneous Multi-Threading (SMT) to enable or disable hyperthreading. If you do not configure this setting, SMT is enabled. |
+|Enable Battery limit| Allows you to manage Battery limit functionality. If you do not configure this setting, Battery limit is enabled |
+| Security | Displays the Surface UEFI **Security** page. If you do not configure this setting, the Security page is displayed. |
+| Devices | Displays the Surface UEFI **Devices** page. If you do not configure this setting, the Devices page is displayed. |
+| Boot | Displays the Surface UEFI **Boot** page. If you do not configure this setting, the DateTime page is displayed. |
+| DateTime | Displays the Surface UEFI **DateTime** page. If you do not configure this setting, the DateTime page is displayed. |
+
-* IPv6 support for PXE boot
-* Alternate boot order, where the Volume Down button and Power button can be pressed together during boot, to boot directly to a USB or Ethernet device
-* Lock the boot order to prevent changes
-* Support for booting to USB devices
-* Enable Network Stack boot settings
-* Enable Auto Power On boot settings
-* Display of the Surface UEFI **Security** page
-* Display of the Surface UEFI **Devices** page
-* Display of the Surface UEFI **Boot** page
-* Display of the Surface UEFI **DateTime** page
>[!NOTE]
->When you create a SEMM configuration package, two characters are shown on the **Successful** page, as shown in Figure 5.
+>When you create a SEMM configuration package, two characters are shown on the **Successful** page, as shown in Figure 3.

-*Figure 5. Display of the last two characters of the certificate thumbprint on the Successful page*
+*Figure 3. Display of the last two characters of the certificate thumbprint on the Successful page*
-These characters are the last two characters of the certificate thumbprint and should be written down or recorded. The characters are required to confirm enrollment in SEMM on a Surface device, as shown in Figure 6.
+These characters are the last two characters of the certificate thumbprint and should be written down or recorded. The characters are required to confirm enrollment in SEMM on a Surface device, as shown in Figure 4.

-*Figure 6. Enrollment confirmation in SEMM with the SEMM certificate thumbprint*
+*Figure 4. Enrollment confirmation in SEMM with the SEMM certificate thumbprint*
>[!NOTE]
>Administrators with access to the certificate file (.pfx) can read the thumbprint at any time by opening the .pfx file in CertMgr. To view the thumbprint with CertMgr, follow this process:
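Review bot: In Table 1 the **Boot** row says "If you do not configure this setting, the DateTime page is displayed", which looks copied from the DateTime row; it should say the Boot page is displayed. Because this table is now the only statement of the unconfigured defaults (Alternate Boot and USB Boot enabled, Boot Order Lock disabled), each row needs to be accurate. Smaller points in the same table: "Ipv6" should be "IPv6", the Battery limit row is missing its final period, and its cell padding differs from the other rows.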
@@ -132,11 +135,11 @@ A Surface UEFI reset package is used to perform only one task — to unenroll a
### Recovery request
-In some scenarios, it may be impossible to use a Surface UEFI reset package. (For example, if Windows becomes unusable on the Surface device.) In these scenarios you can unenroll the Surface device from SEMM through the **Enterprise Management** page of Surface UEFI (shown in Figure 7) with a Recovery Request operation.
+In some scenarios, it may be impossible to use a Surface UEFI reset package. (For example, if Windows becomes unusable on the Surface device.) In these scenarios you can unenroll the Surface device from SEMM through the **Enterprise Management** page of Surface UEFI (shown in Figure 5) with a Recovery Request operation.

-*Figure 7. Initiate a SEMM recovery request on the Enterprise Management page*
+*Figure 5. Initiate a SEMM recovery request on the Enterprise Management page*
When you use the process on the **Enterprise Management** page to reset SEMM on a Surface device, you are provided with a Reset Request. This Reset Request can be saved as a file to a USB drive, copied as text, or read as a QR Code with a mobile device to be easily emailed or messaged. Use the Microsoft Surface UEFI Configurator Reset Request option to load a Reset Request file or enter the Reset Request text or QR Code. Microsoft Surface UEFI Configurator will generate a verification code that can be entered on the Surface device. If you enter the code on the Surface device and click **Restart**, the device will be unenrolled from SEMM.
diff --git a/devices/surface/surface-system-sku-reference.md b/devices/surface/surface-system-sku-reference.md
index 6b6e75f7d4..d7e3e77236 100644
--- a/devices/surface/surface-system-sku-reference.md
+++ b/devices/surface/surface-system-sku-reference.md
@@ -12,6 +12,8 @@ ms.topic: article
ms.date: 03/20/2019
ms.reviewer:
manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
# System SKU reference
diff --git a/devices/surface/surface-wireless-connect.md b/devices/surface/surface-wireless-connect.md
index fbbaec21e8..ad386a1445 100644
--- a/devices/surface/surface-wireless-connect.md
+++ b/devices/surface/surface-wireless-connect.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: dansimp
ms.audience: itpro
-ms.localizationpriority: normal
+ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 08/15/2019
diff --git a/devices/surface/unenroll-surface-devices-from-semm.md b/devices/surface/unenroll-surface-devices-from-semm.md
index edcfcdf120..39b70f6006 100644
--- a/devices/surface/unenroll-surface-devices-from-semm.md
+++ b/devices/surface/unenroll-surface-devices-from-semm.md
@@ -12,6 +12,8 @@ ms.topic: article
ms.date: 01/06/2017
ms.reviewer:
manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Unenroll Surface devices from SEMM
diff --git a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
index 0432c65257..f05342b48f 100644
--- a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
+++ b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
@@ -12,6 +12,8 @@ ms.topic: article
ms.date: 02/01/2017
ms.reviewer:
manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Use System Center Configuration Manager to manage devices with SEMM
@@ -382,7 +384,7 @@ To configure Surface UEFI settings or permissions for Surface UEFI settings, you
The computer where ShowSettingsOptions.ps1 is run must have Microsoft Surface UEFI Manager installed, but the script does not require a Surface device.
-The following tables show the available settings for Surface Pro 4 and Surface Book:
+The following tables show the available settings for Surface Pro 4 and later including Surface Pro 7 and Surface Pro X; Surface Book, Surface Laptop 3, and Surface Go.
*Table 1. Surface UEFI settings for Surface Pro 4*
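Review bot: The introductory sentence now covers Surface Pro 4 and later, Surface Book, Surface Laptop 3, and Surface Go, but the caption directly below it still reads "Table 1. Surface UEFI settings for Surface Pro 4". Either update the caption to match or state which table applies to which device. The sentence also now ends with a period where it introduces the tables; the colon it replaced read better.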
diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
index 57782a8e2b..e9723fa61e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
@@ -37,7 +37,7 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr
- Windows 10 Enterprise E5
- Windows 10 Education E5
- Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5
-- Microsoft 365 E3 (M365 E3) with Identity and Threat Protection package
+
For more information on the array of features in Windows 10 editions, see [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare).
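Review bot: This hunk deletes "Microsoft 365 E3 (M365 E3) with Identity and Threat Protection package" from the list of qualifying licenses and leaves a blank line in its place, in a commit that is otherwise about Surface and WDAC documentation. Confirm the licensing change is intentional and belongs in this change, since readers use this list to decide whether they are entitled to the product.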
diff --git a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md
index bc499753a7..268a9cf97b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md
+++ b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md
@@ -33,24 +33,49 @@ The general steps for expanding the S mode base policy on your devices are to ge
1. Generate a supplemental policy with WDAC tooling
This policy will expand the S mode base policy to authorize additional applications. Anything authorized by either the S mode base policy or your supplemental policy will be allowed to run. Your supplemental policies can specify filepath rules, trusted publishers, and more.
+
+ Refer to [Deploy multiple Windows Defender Application Control Policies](deploy-multiple-windows-defender-application-control-policies.md) for guidance on creating supplemental policies and [Deploy Windows Defender Application Control policy rules and file rules](select-types-of-rules-to-create.md) to choose the right type of rules to create for your policy.
- Refer to [Deploy multiple Windows Defender Application Control Policies](deploy-multiple-windows-defender-application-control-policies.md) for guidance on creating supplemental policies and [Deploy Windows Defender Application Control policy rules and file rules](select-types-of-rules-to-create.md) to choose the right type of rules to create for your policy.
+ Below are a basic set of instructions for creating an S mode supplemental policy:
+ - Create a new base policy using [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy?view=win10-ps)
+
+ ```powershell
+ New-CIPolicy -MultiplePolicyFormat -ScanPath -UserPEs -FilePath "\SupplementalPolicy.xml" -Level Publisher -Fallback Hash
+ ```
+ - Change it to a supplemental policy using [Set-CIPolicyIdInfo](https://docs.microsoft.com/powershell/module/configci/set-cipolicyidinfo?view=win10-ps)
+
+ ```powershell
+ Set-CIPolicyIdInfo -SupplementsBasePolicyID 5951A96A-E0B5-4D3D-8FB8-3E5B61030784 -FilePath "\SupplementalPolicy.xml"
+ ```
+ Policies which are supplementing the S mode base policy must use **-SupplementsBasePolicyID 5951A96A-E0B5-4D3D-8FB8-3E5B61030784**, as this is the S mode policy ID.
+ - Put the policy in enforce mode using [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption?view=win10-ps)
+
+ ```powershell
+ Set-RuleOption -FilePath "\SupplementalPolicy.xml>" -Option 3 –Delete
+ ```
+ This deletes the ‘audit mode’ qualifier.
+ - Convert to .bin using [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy?view=win10-ps)
+
+ ```powershell
+ ConvertFrom-CIPolicy -XmlFilePath "\SupplementalPolicy.xml" -BinaryFilePath "\SupplementalPolicy.bin>
+ ```
- > [!Note]
- > Policies which are supplementing the S mode base policy must use **-SupplementsBasePolicyID 5951A96A-E0B5-4D3D-8FB8-3E5B61030784**, as this is the S mode policy ID.
2. Sign policy
Supplemental S mode policies must be digitally signed. To sign your policy, you can choose to use the Device Guard Signing Service or your organization's custom Public Key Infrastructure (PKI). Refer to [Use the Device Guard Signing Portal in the Microsoft Store for Business](use-device-guard-signing-portal-in-microsoft-store-for-business.md) for guidance on using DGSS and [Create a code signing cert for WDAC](create-code-signing-cert-for-windows-defender-application-control.md) for guidance on signing using an internal CA.
- Once your policy is signed, you must authorize the signing certificate you used to sign the policy and optionally one or more additional signers that can be used to sign updates to the policy in the future. Use Add-SignerRule to add the signing certificate to the WDAC policy, filling in the correct path and filenames for `` and ``:
+ Once your policy is signed, you must authorize the signing certificate you used to sign the policy and optionally one or more additional signers that can be used to sign updates to the policy in the future. Use Add-SignerRule to add the signing certificate to the WDAC policy:
- `Add-SignerRule -FilePath -CertificatePath -User -Update`
+ ```powershell
+ Add-SignerRule -FilePath -CertificatePath -User -Update`
+ ```
+ Rename your policy to "{PolicyID}.p7b" after you've signed it. PolicyID can be found by inspecting the Supplemental Policy XML
+
3. Deploy the signed supplemental policy using Microsoft Intune
- Upload the signed policy to Intune and assign it to user or device groups. Intune will generate tenant- and device- specific authorization tokens. Intune then deploys the corresponding authorization token and supplemental policy to each device in the assigned group. Together, these expand the S mode base policy on the device.
-
+ Go to the Azure portal online and navigate to the Microsoft Intune page, then go to the Client apps blade and select 'S mode supplemental policies'. Upload the signed policy to Intune and assign it to user or device groups. Intune will generate tenant- and device- specific authorization tokens. Intune then deploys the corresponding authorization token and supplemental policy to each device in the assigned group. Together, these expand the S mode base policy on the device.
-> [!Note]
+> [!Note]
> When updating your supplemental policy, ensure that the new version number is strictly greater than the previous one. Using the same version number is not allowed by Intune. Refer to [Set-CIPolicyVersion](https://docs.microsoft.com/powershell/module/configci/set-cipolicyversion?view=win10-ps) for information on setting the version number.
# Standard Process for Deploying Apps through Intune
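Review bot: Several of the added PowerShell examples cannot be run as written, most likely because angle-bracket placeholders were lost. `New-CIPolicy ... -ScanPath -UserPEs` has no value for -ScanPath, `Set-RuleOption -FilePath "\SupplementalPolicy.xml>"` has a stray `>` inside the quotes and uses an en dash in `–Delete`, and `-BinaryFilePath "\SupplementalPolicy.bin>` is missing its closing quote. The Add-SignerRule block has no values for -FilePath or -CertificatePath and ends in a stray backtick, while the sentence that told readers to fill in those values was removed. Please also make the ordering explicit: step 1 ends by converting the policy to .bin, but step 2 then runs Add-SignerRule "once your policy is signed", so it is unclear whether the signer rule goes into the XML before or after conversion and signing.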
@@ -152,8 +177,8 @@ Below is a sample policy that allows kernel debuggers, PowerShell ISE, and Regis
```
# Policy Removal
-> [!Note]
-> There is currently a policy deletion error, with a fix expected in the 2D update in late February 2020. Devices of users who are unenrolled will still have their WDAC policies removed. In the mentime, IT Pros are recommended to update their policy with the below 'empty' policy which makes no changes to S mode.
+> [!Note]
+> This feature currently has a known a policy deletion bug, with a fix expected in the 2D update in late February 2020. Devices of users who are unenrolled will still have their WDAC policies removed. In the mentime, IT Pros are recommended to update their policy with the below 'empty' policy which makes no changes to S mode.
```xml
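Review bot: The reworded note introduces a duplicated article ("has a known a policy deletion bug") and carries over the existing typo "mentime" for "meantime". Both are on the changed line, so fix them here.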
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
index 6505f27774..904c5d1ad8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
@@ -24,9 +24,6 @@ ms.date: 05/17/2019
- Windows 10
- Windows Server 2016
->[!IMPORTANT]
->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
The restriction of only having a single code integrity policy active on a system at any given time has felt limiting for customers in situations where multiple policies with different intents would be useful. Beginning with Windows 10 version 1903, WDAC supports multiple simultaneous code integrity policies for one device in order to enable the following scenarios:
1. Enforce and Audit Side-by-Side
@@ -53,7 +50,7 @@ Note that multiple policies will not work on pre-1903 systems.
In order to allow multiple policies to exist and take effect on a single system, policies must be created using the new Multiple Policy Format. The "MultiplePolicyFormat" switch in [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy?view=win10-ps) results in 1) random GUIDs being generated for the policy ID and 2) the policy type being specified as base. The below is an example of creating a new policy in the multiple policy format.
```powershell
-New-CIPolicy -MultiplePolicyFormat -ScanPath '.\temp\' -UserPEs -FilePath ".\policy.xml" -Level Publisher -Fallback Hash
+New-CIPolicy -MultiplePolicyFormat -ScanPath "" -UserPEs -FilePath ".\policy.xml" -Level Publisher -Fallback Hash
```
Optionally, you can choose to make the new base policy supplementable (allow supplemental policies).
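Review bot: The example now passes an empty string, `-ScanPath ""`, where it previously passed `'.\temp\'`, so a reader who copies it has no path to scan. If a placeholder was intended, write it so that it survives rendering and tell the reader to substitute the directory to scan.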
@@ -71,18 +68,19 @@ Add-SignerRule -FilePath -CertificatePath [-Kernel] [-User] [-
### Supplemental Policy Creation
In order to create a supplemental policy, begin by creating a new policy in the Multiple Policy Format. From there, use Set-CIPolicyIdInfo to convert it to a supplemental policy and specify which base policy it expands.
-- "SupplementsBasePolicyID": guid of new supplemental policy
+- "SupplementsBasePolicyID":
+of new supplemental policy
- "BasePolicyToSupplementPath": base policy that the supplemental policy applies to
```powershell
Set-CIPolicyIdInfo [-FilePath] [-PolicyName ] [-SupplementsBasePolicyID ] [-BasePolicyToSupplementPath ] [-ResetPolicyID] [-PolicyId ] []
```
-Note that "ResetPolicyId" reverts a supplemental policy to a base policy, and resets the policy guids back to a random guid.
+Note that "ResetPolicyId" reverts a supplemental policy to a base policy, and resets the policy GUIDs back to a random GUID.
### Merging policies
-When merging, the policy type and ID of the leftmost/first policy specified is used. If the leftmost is a base policy with ID \, then regardless of what the GUIDS and types are for any subsequent policies, the merged policy will be a base policy with ID \.
+When merging, the policy type and ID of the leftmost/first policy specified is used. If the leftmost is a base policy with ID \, then regardless of what the GUIDs and types are for any subsequent policies, the merged policy will be a base policy with ID \.
### Deploying policies
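Review bot: The "SupplementsBasePolicyID" bullet is now split across two lines and has lost the word "guid", leaving "of new supplemental policy" as an orphaned line. The description should also be checked: elsewhere in this same patch the parameter is given the S mode base policy ID (5951A96A-E0B5-4D3D-8FB8-3E5B61030784), which suggests it takes the GUID of the base policy being supplemented rather than that of the new supplemental policy. The GUID capitalization fixes in the other two changed lines look fine.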