Merge remote-tracking branch 'refs/remotes/origin/master' into vs-10202987

devices/surface-hub/change-history-surface-hub.md

@@ -19,6 +19,7 @@ This topic lists new and updated topics in the [Surface Hub Admin Guide]( surfac
 | New or changed topic | Description |
 | --- | --- |
 | [Connect other devices and display with Surface Hub](connect-and-display-with-surface-hub.md) | Added graphics cards verified to work with 84" Surface Hubs and added information about the lengths of cables. |
+| [Online deployment](online-deployment-surface-hub-device-accounts.md) | Updated procedures for adding a device account for your Microsoft Surface Hub when you have a pure, online deployment. |
 
 ## December 2016
 

devices/surface-hub/online-deployment-surface-hub-device-accounts.md

@@ -54,13 +54,10 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
     $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
     ```
 
-    Once you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too.
+    Once you have a compatible policy, then you will need to apply the policy to the device account.
 
     ```PowerShell
-    Set-Mailbox 'HUB01@contoso.com' -Type Regular
     Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.Id
-    Set-Mailbox 'HUB01@contoso.com' -Type Room
-    Set-Mailbox 'HUB01@contoso.com' -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force) -EnableRoomMailboxAccount $true
     ```
 
 4.  Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
@@ -84,7 +81,10 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
     Set-MsolUser -UserPrincipalName 'HUB01@contoso.com' -PasswordNeverExpires $true
     ```
 
-7.  The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account.
+7.  Surface Hub requires a license for Skype for Business functionality.
+    - Your Surface Hub account requires a Lync Online (Plan 2) or Lync Online (Plan 3) license, but it does not require an Exchange Online license.
+    - You'll need to have Lync Online (Plan 2) or higher in your O365 plan. The plan needs to support conferencing capability.
+    - If you need Enterprise Voice (PSTN telephony) using telephony service providers for the Surface Hub, you need Lync Online (Plan 3).    
 
     Next, you can use `Get-MsolAccountSku` to retrieve a list of available SKUs for your O365 tenant.
 
@@ -98,15 +98,6 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
 
 8.  Enable the device account with Skype for Business.
 
-    In order to enable Skype for Business, your environment will need to meet the following prerequisites:
-
-    -   You'll need to have Lync Online (Plan 2) or higher in your O365 plan. The plan needs to support conferencing capability.
-    -   If you need Enterprise Voice (PSTN telephony) using telephony service providers for the Surface Hub, you need Lync Online (Plan 3).
-    -   Your tenant users must have Exchange mailboxes.
-    -   Your device account needs a Lync Online (Plan 2) or Lync Online (Plan 3) license, but it does not require an Exchange Online license.
-
-    <!-- -->
-
     -   Start by creating a remote PowerShell session from a PC.
 
         ```PowerShell
@@ -115,34 +106,38 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
         Import-PSSession $cssess -AllowClobber
         ```
 
-    -   To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
-
-        ```PowerShell
-        Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool  
-        "sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress
-        ```
-
-        If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet:
+   - Next, if you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet (for example, *alice@contoso.com*):
 
         ```PowerShell
         Get-CsOnlineUser -Identity ‘alice@contoso.com’| fl *registrarpool*
         ```
+        OR by setting a variable
+        ```PowerShell
+        $strRegistrarPool = (Get-CsOnlineUser -Identity ‘alice@contoso.com’).RegistrarPool
+        ```
+        
+    - Enable the Surface Hub account with the following cmdlet:
+      
+        ```PowerShell
+        Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool yourRegistrarPool -SipAddressType EmailAddress
+        OR using the $strRegistarPool variable from above
+        Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool $strRegistrarPool -SipAddressType EmailAddress
+        ```
 
-9.  Assign Skype for Business license to your Surface Hub account.
+Alternatively, You can assign a license to the Surface Hub through the Office 365 administrators portal:
+
+1. Sign in as a tenant administrator, open the O365 Administrative Portal, and click the Admin app.
+1. Click **Users** > **Active users**. 
+1. Select the Surface Hub account. Under **Product licenses** (or **Assigned Licenses** if you’re using the old admin center), click **Edit**. 
+1. Select an appropriate license that meets the requirements in Step 7.
+1. Click **Save**.
 
-    Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) to the device.
 
-    -   Login as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app.
-    -   Click on **Users and Groups** and then **Add users, reset passwords, and more**.
-    -   Select the Surface Hub account, and then click or tap the pen icon, which means edit.
-    -   Click on the **Licenses** option.
-    -   In the **Assign licenses** section, you need to select Skype for Business (Plan 2) or Skype for Business (Plan 3), depending on your licensing and what you've decided in terms of needing Enterprise Voice. You'll have to use a Plan 3 license if you want to use Enterprise Voice on your Surface Hub.
-    -   Click **Save** and you're done.
 
 >[!NOTE]
 >It's also possible to use the Windows Azure Active Directory Module for Windows PowerShell to run the cmdlets needed to assign one of these licenses, but that's not covered here.
 
-For validation, you should be able to use any Skype for Business client (PC, Android, etc) to log in to this account.
+For validation, you should be able to use any Skype for Business client (PC, Android, etc) to sign in to this account.
 
 
 

windows/keep-secure/configure-endpoints-script-windows-defender-advanced-threat-protection.md

@@ -45,7 +45,7 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You
 
 5.  Press the **Enter** key or click **OK**.
 
-For for information on how you can manually validate that the endpoint is compliant and correctly reports telemetry see, [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md).
+For for information on how you can manually validate that the endpoint is compliant and correctly reports sensor data see, [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md).
 
 ## Configure sample collection settings
 For each endpoint, you can set a configuration value to state whether samples can be collected from the endpoint when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.

windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md

@@ -21,7 +21,7 @@ localizationpriority: high
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-Endpoints in your organization must be configured so that the Windows Defender ATP service can get telemetry from them. There are various methods and deployment tools that you can use to configure the endpoints in your organization.
+Endpoints in your organization must be configured so that the Windows Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the endpoints in your organization.
 
 Windows Defender ATP supports the following deployment tools and methods:
 

windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md

@@ -22,7 +22,7 @@ localizationpriority: high
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report telemetry and communicate with the Windows Defender ATP service.
+The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service.
 
 The embedded Windows Defender ATP sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Windows Defender ATP cloud service.
 

windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md

@@ -21,12 +21,12 @@ localizationpriority: high
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-The **Machines view** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, and the number of active malware detections. This view allows you to identify machines with the highest risk at a glance, and keep track of all the machines that are reporting telemetry in your network.
+The **Machines view** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, and the number of active malware detections. This view allows you to identify machines with the highest risk at a glance, and keep track of all the machines that are reporting sensor data in your network.
 
 Use the Machines view in these two main scenarios:
 
 - **During onboarding**
-  - During the onboarding process, the Machines view gradually gets populated with endpoints as they begin to report telemetry. Use this view to track your onboarded endpoints as they appear. Use the available features to sort and filer to see which endpoints have most recently reported telemetry, or download the complete endpoint list as a CSV file for offline analysis.
+  - During the onboarding process, the Machines view gradually gets populated with endpoints as they begin to report sensor data. Use this view to track your onboarded endpoints as they appear. Use the available features to sort and filer to see which endpoints have most recently reported sensor data, or download the complete endpoint list as a CSV file for offline analysis.
 - **Day-to-day work**
   - The **Machines view** enables you to identify machines that are most at risk in a glance. High-risk machines are those with the greatest number and highest-severity alerts. By sorting the machines by risk, you'll be able to identify the most vulnerable machines and take action on them.
 
@@ -34,7 +34,7 @@ The Machines view contains the following columns:
 
 - **Machine name** - the name or GUID of the machine
 - **Domain** - the domain the machine belongs to
-- **Last seen** - when the machine last reported telemetry
+- **Last seen** - when the machine last reported sensor data
 - **Internal IP** - the local internal Internet Protocol (IP) address of the machine
 - **Active Alerts** - the number of alerts reported by the machine by severity
 - **Active malware detections** - the number of active malware detections reported by the machine
@@ -59,7 +59,7 @@ You can filter the view by the following time periods:
 - 6 months
 
 > [!NOTE]
-> When you select a time period, the list will only display machines that reported within the selected time period. For example, selecting 1 day will only display a list of machines that reported telemetry within the last 24-hour period.
+> When you select a time period, the list will only display machines that reported within the selected time period. For example, selecting 1 day will only display a list of machines that reported sensor data within the last 24-hour period.
 
 The threat category filter lets you filter the view by the following categories:
 
@@ -94,7 +94,7 @@ When you investigate a specific machine, you'll see:
 - **Alerts related to this machine**
 - **Machine timeline**
 
-The machine details, IP, and reporting sections display some attributes of the machine such as its name, domain, OS, IP address, and how long it's been reporting telemetry to the Windows Defender ATP service.
+The machine details, IP, and reporting sections display some attributes of the machine such as its name, domain, OS, IP address, and how long it's been reporting sensor data to the Windows Defender ATP service.
 
 The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. This list is a simplified version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date that the alert was detected, a short description of the alert, the alert's severity, the alert's threat category, and the alert's status in the queue.
 

windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md

@@ -61,7 +61,7 @@ Before you configure endpoints, the telemetry and diagnostics service must be en
 
 ### Telemetry and diagnostics settings
 You must ensure that the telemetry and diagnostics service is enabled on all the endpoints in your organization.
-By default, this service is enabled, but it's good practice to check to ensure that you'll get telemetry from them.
+By default, this service is enabled, but it's good practice to check to ensure that you'll get sensor data from them.
 
 **Use the command line to check the Windows 10 telemetry and diagnostics service startup type**:
 

windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md

@@ -1,7 +1,7 @@
 ---
 title: Troubleshoot Windows Defender ATP onboarding issues
 description: Troubleshoot issues that might arise during the onboarding of endpoints or to the Windows Defender ATP service.
-keywords: troubleshoot onboarding, onboarding issues, event viewer, data collection and preview builds, telemetry and diagnostics
+keywords: troubleshoot onboarding, onboarding issues, event viewer, data collection and preview builds, sensor data and diagnostics
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -214,7 +214,7 @@ First, you should check that the service is set to start automatically when Wind
 
 ### Ensure the endpoint has an Internet connection
 
-The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report telemetry and communicate with the Windows Defender ATP service.
+The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service.
 
 WinHTTP is independent of the Internet browsing proxy settings and other user context applications and must be able to detect the proxy servers that are available in your particular environment.
 

windows/keep-secure/windows-defender-advanced-threat-protection.md

@@ -32,7 +32,7 @@ Windows Defender ATP uses the following combination of technology built into Win
 -   **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors
     collect and process behavioral signals from the operating system
     (for example, process, registry, file, and network communications)
-    and sends this telemetry to your private, isolated, cloud instance of Windows Defender ATP.
+    and sends this sensor data to your private, isolated, cloud instance of Windows Defender ATP.
 
 
 -   **Cloud security analytics**: Leveraging big-data, machine-learning, and
@@ -47,7 +47,7 @@ Windows Defender ATP uses the following combination of technology built into Win
     and augmented by threat intelligence provided by partners, threat
     intelligence enables Windows Defender ATP to identify attacker
     tools, techniques, and procedures, and generate alerts when these
-    are observed in collected telemetry.
+    are observed in collected sensor data.
 
 The following diagram shows these Windows Defender ATP service
 components: