Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr into waastelescope

2025-06-16 02:43:43 +00:00 · 2020-06-01 11:03:51 -07:00
parent 46e217bff1 9a0ccd96c7
commit ac535deebc
396 changed files with 8401 additions and 3508 deletions
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@ -1,283 +0,0 @@
-# [Deploy and update Windows 10](https://docs.microsoft.com/windows/deployment)
-## [Deployment process posters](windows-10-deployment-posters.md)
-## [Deploy Windows 10 with Microsoft 365](deploy-m365.md)
-## [What's new in Windows 10 deployment](deploy-whats-new.md)
-## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
-## [Windows Autopilot](windows-autopilot/windows-autopilot.md)
-
-## Subscription Activation
-### [Windows 10 Subscription Activation](windows-10-subscription-activation.md)
-### [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md)
-### [Configure VDA for Subscription Activation](vda-subscription-activation.md)
-### [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md)
-
-## Resolve upgrade errors
-### [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md)
-### [Quick fixes](upgrade\quick-fixes.md)
-### [SetupDiag](upgrade/setupdiag.md)
-### [Troubleshooting upgrade errors](upgrade/troubleshoot-upgrade-errors.md)
-### [Windows error reporting](upgrade/windows-error-reporting.md)
-### [Upgrade error codes](upgrade/upgrade-error-codes.md)
-### [Log files](upgrade/log-files.md)
-### [Resolution procedures](upgrade/resolution-procedures.md)
-### [Submit Windows 10 upgrade errors](upgrade/submit-errors.md)
-
-## Deploy Windows 10
-### [Deploying Windows 10](deploy.md)
-
-### [Windows Autopilot](windows-autopilot/windows-autopilot.md)
-### [Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
-### [Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md)
-### [Windows 10 volume license media](windows-10-media.md)
-
-### [Windows 10 in S mode](s-mode.md)
-#### [Switch to Windows 10 Pro/Enterprise from S mode](windows-10-pro-in-s-mode.md)
-
-### [Windows 10 deployment test lab](windows-10-poc.md)
-#### [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
-#### [Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md)
-
-### [Plan for Windows 10 deployment](planning/index.md)
-#### [Windows 10 Enterprise FAQ for IT Pros](planning/windows-10-enterprise-faq-itpro.md)
-#### [Windows 10 deployment considerations](planning/windows-10-deployment-considerations.md)
-#### [Windows 10 compatibility](planning/windows-10-compatibility.md)
-#### [Windows 10 infrastructure requirements](planning/windows-10-infrastructure-requirements.md)
-
-#### [Volume Activation [client]](volume-activation/volume-activation-windows-10.md)
-##### [Plan for volume activation [client]](volume-activation/plan-for-volume-activation-client.md)
-##### [Activate using Key Management Service [client]](volume-activation/activate-using-key-management-service-vamt.md)
-##### [Activate using Active Directory-based activation [client]](volume-activation/activate-using-active-directory-based-activation-client.md)
-##### [Activate clients running Windows 10](volume-activation/activate-windows-10-clients-vamt.md)
-##### [Monitor activation [client]](volume-activation/monitor-activation-client.md)
-##### [Use the Volume Activation Management Tool [client]](volume-activation/use-the-volume-activation-management-tool-client.md)
-##### [Appendix: Information sent to Microsoft during activation [client]](volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md)
-
-#### [Application Compatibility Toolkit (ACT) Technical Reference](planning/act-technical-reference.md)
-##### [SUA User's Guide](planning/sua-users-guide.md)
-###### [Using the SUA Wizard](planning/using-the-sua-wizard.md)
-###### [Using the SUA Tool](planning/using-the-sua-tool.md)
-####### [Tabs on the SUA Tool Interface](planning/tabs-on-the-sua-tool-interface.md)
-####### [Showing Messages Generated by the SUA Tool](planning/showing-messages-generated-by-the-sua-tool.md)
-####### [Applying Filters to Data in the SUA Tool](planning/applying-filters-to-data-in-the-sua-tool.md)
-####### [Fixing Applications by Using the SUA Tool](planning/fixing-applications-by-using-the-sua-tool.md)
-##### [Compatibility Administrator User's Guide](planning/compatibility-administrator-users-guide.md)
-###### [Using the Compatibility Administrator Tool](planning/using-the-compatibility-administrator-tool.md)
-####### [Available Data Types and Operators in Compatibility Administrator](planning/available-data-types-and-operators-in-compatibility-administrator.md)
-####### [Searching for Fixed Applications in Compatibility Administrator](planning/searching-for-fixed-applications-in-compatibility-administrator.md)
-####### [Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator](planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md)
-####### [Creating a Custom Compatibility Fix in Compatibility Administrator](planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md)
-####### [Creating a Custom Compatibility Mode in Compatibility Administrator](planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md)
-####### [Creating an AppHelp Message in Compatibility Administrator](planning/creating-an-apphelp-message-in-compatibility-administrator.md)
-####### [Viewing the Events Screen in Compatibility Administrator](planning/viewing-the-events-screen-in-compatibility-administrator.md)
-####### [Enabling and Disabling Compatibility Fixes in Compatibility Administrator](planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md)
-####### [Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator](planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md)
-###### [Managing Application-Compatibility Fixes and Custom Fix Databases](planning/managing-application-compatibility-fixes-and-custom-fix-databases.md)
-####### [Understanding and Using Compatibility Fixes](planning/understanding-and-using-compatibility-fixes.md)
-####### [Compatibility Fix Database Management Strategies and Deployment](planning/compatibility-fix-database-management-strategies-and-deployment.md)
-####### [Testing Your Application Mitigation Packages](planning/testing-your-application-mitigation-packages.md)
-###### [Using the Sdbinst.exe Command-Line Tool](planning/using-the-sdbinstexe-command-line-tool.md)
-##### [Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md)
-
-
-### Deploy Windows 10 with the Microsoft Deployment Toolkit (MDT)
-#### [Get started with MDT](deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md)
-
-#### Deploy Windows 10 with MDT
-##### [Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
-##### [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md)
-##### [Deploy a Windows 10 image using MDT](deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md)
-##### [Build a distributed environment for Windows 10 deployment](deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md)
-##### [Refresh a Windows 7 computer with Windows 10](deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md)
-##### [Replace a Windows 7 computer with a Windows 10 computer](deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md)
-##### [Perform an in-place upgrade to Windows 10 with MDT](deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
-
-#### Customize MDT
-##### [Configure MDT settings](deploy-windows-mdt/configure-mdt-settings.md)
-##### [Set up MDT for BitLocker](deploy-windows-mdt/set-up-mdt-for-bitlocker.md)
-##### [Configure MDT deployment share rules](deploy-windows-mdt/configure-mdt-deployment-share-rules.md)
-##### [Configure MDT for UserExit scripts](deploy-windows-mdt/configure-mdt-for-userexit-scripts.md)
-##### [Simulate a Windows 10 deployment in a test environment](deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md)
-##### [Use the MDT database to stage Windows 10 deployment information](deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-##### [Assign applications using roles in MDT](deploy-windows-mdt/assign-applications-using-roles-in-mdt.md)
-##### [Use web services in MDT](deploy-windows-mdt/use-web-services-in-mdt.md)
-##### [Use Orchestrator runbooks with MDT](deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md)
-
-### Deploy Windows 10 with Microsoft Endpoint Configuration Manager
-#### Prepare for Windows 10 deployment with Configuration Manager
-##### [Prepare for Zero Touch Installation with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
-##### [Create a custom Windows PE boot image with Configuration Manager](deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
-##### [Add a Windows 10 operating system image using Configuration Manager](deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md)
-##### [Create an application to deploy with Windows 10 using Configuration Manager](deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
-##### [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
-##### [Create a task sequence with Configuration Manager and MDT](deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md)
-##### [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md)
-
-#### Deploy Windows 10 with Configuration Manager
-##### [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md)
-##### [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
-##### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
-##### [Perform an in-place upgrade to Windows 10 using Configuration Manager](deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md)
-
-### [Windows 10 deployment tools](windows-10-deployment-tools.md)
-
-#### [Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md)
-#### [Convert MBR partition to GPT](mbr-to-gpt.md)
-#### [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md)
-#### [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md)
-
-#### [Deploy Windows To Go in your organization](deploy-windows-to-go.md)
-##### [Windows To Go: feature overview](planning/windows-to-go-overview.md)
-###### [Best practice recommendations for Windows To Go](planning/best-practice-recommendations-for-windows-to-go.md)
-###### [Deployment considerations for Windows To Go](planning/deployment-considerations-for-windows-to-go.md)
-###### [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md)
-###### [Security and data protection considerations for Windows To Go](planning/security-and-data-protection-considerations-for-windows-to-go.md)
-###### [Windows To Go: frequently asked questions](planning/windows-to-go-frequently-asked-questions.md)
-
-#### [Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md)
-##### [Introduction to VAMT](volume-activation/introduction-vamt.md)
-##### [Active Directory-Based Activation Overview](volume-activation/active-directory-based-activation-overview.md)
-##### [Install and Configure VAMT](volume-activation/install-configure-vamt.md)
-###### [VAMT Requirements](volume-activation/vamt-requirements.md)
-###### [Install VAMT](volume-activation/install-vamt.md)
-###### [Configure Client Computers](volume-activation/configure-client-computers-vamt.md)
-##### [Add and Manage Products](volume-activation/add-manage-products-vamt.md)
-###### [Add and Remove Computers](volume-activation/add-remove-computers-vamt.md)
-###### [Update Product Status](volume-activation/update-product-status-vamt.md)
-###### [Remove Products](volume-activation/remove-products-vamt.md)
-##### [Manage Product Keys](volume-activation/manage-product-keys-vamt.md)
-###### [Add and Remove a Product Key](volume-activation/add-remove-product-key-vamt.md)
-###### [Install a Product Key](volume-activation/install-product-key-vamt.md)
-###### [Install a KMS Client Key](volume-activation/install-kms-client-key-vamt.md)
-##### [Manage Activations](volume-activation/manage-activations-vamt.md)
-###### [Perform Online Activation](volume-activation/online-activation-vamt.md)
-###### [Perform Proxy Activation](volume-activation/proxy-activation-vamt.md)
-###### [Perform KMS Activation](volume-activation/kms-activation-vamt.md)
-###### [Perform Local Reactivation](volume-activation/local-reactivation-vamt.md)
-###### [Activate an Active Directory Forest Online](volume-activation/activate-forest-vamt.md)
-###### [Activate by Proxy an Active Directory Forest](volume-activation/activate-forest-by-proxy-vamt.md)
-##### [Manage VAMT Data](volume-activation/manage-vamt-data.md)
-###### [Import and Export VAMT Data](volume-activation/import-export-vamt-data.md)
-###### [Use VAMT in Windows PowerShell](volume-activation/use-vamt-in-windows-powershell.md)
-##### [VAMT Step-by-Step Scenarios](volume-activation/vamt-step-by-step.md)
-###### [Scenario 1: Online Activation](volume-activation/scenario-online-activation-vamt.md)
-###### [Scenario 2: Proxy Activation](volume-activation/scenario-proxy-activation-vamt.md)
-###### [Scenario 3: KMS Client Activation](volume-activation/scenario-kms-activation-vamt.md)
-##### [VAMT Known Issues](volume-activation/vamt-known-issues.md)
-#### [User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md)
-##### [User State Migration Tool (USMT) Overview Topics](usmt/usmt-topics.md)
-###### [User State Migration Tool (USMT) Overview](usmt/usmt-overview.md)
-###### [Getting Started with the User State Migration Tool (USMT)](usmt/getting-started-with-the-user-state-migration-tool.md)
-###### [Windows Upgrade and Migration Considerations](upgrade/windows-upgrade-and-migration-considerations.md)
-##### [User State Migration Tool (USMT) How-to topics](usmt/usmt-how-to.md)
-###### [Exclude Files and Settings](usmt/usmt-exclude-files-and-settings.md)
-###### [Extract Files from a Compressed USMT Migration Store](usmt/usmt-extract-files-from-a-compressed-migration-store.md)
-###### [Include Files and Settings](usmt/usmt-include-files-and-settings.md)
-###### [Migrate Application Settings](usmt/migrate-application-settings.md)
-###### [Migrate EFS Files and Certificates](usmt/usmt-migrate-efs-files-and-certificates.md)
-###### [Migrate User Accounts](usmt/usmt-migrate-user-accounts.md)
-###### [Reroute Files and Settings](usmt/usmt-reroute-files-and-settings.md)
-###### [Verify the Condition of a Compressed Migration Store](usmt/verify-the-condition-of-a-compressed-migration-store.md)
-##### [User State Migration Tool (USMT) Troubleshooting](usmt/usmt-troubleshooting.md)
-###### [Common Issues](usmt/usmt-common-issues.md)
-###### [Frequently Asked Questions](usmt/usmt-faq.md)
-###### [Log Files](usmt/usmt-log-files.md)
-###### [Return Codes](usmt/usmt-return-codes.md)
-###### [USMT Resources](usmt/usmt-resources.md)
-##### [User State Migration Toolkit (USMT) Reference](usmt/usmt-reference.md)
-###### [USMT Requirements](usmt/usmt-requirements.md)
-###### [USMT Best Practices](usmt/usmt-best-practices.md)
-###### [How USMT Works](usmt/usmt-how-it-works.md)
-###### [Plan Your Migration](usmt/usmt-plan-your-migration.md)
-####### [Common Migration Scenarios](usmt/usmt-common-migration-scenarios.md)
-####### [What Does USMT Migrate?](usmt/usmt-what-does-usmt-migrate.md)
-####### [Choose a Migration Store Type](usmt/usmt-choose-migration-store-type.md)
-######## [Migration Store Types Overview](usmt/migration-store-types-overview.md)
-######## [Estimate Migration Store Size](usmt/usmt-estimate-migration-store-size.md)
-######## [Hard-Link Migration Store](usmt/usmt-hard-link-migration-store.md)
-######## [Migration Store Encryption](usmt/usmt-migration-store-encryption.md)
-####### [Determine What to Migrate](usmt/usmt-determine-what-to-migrate.md)
-######## [Identify Users](usmt/usmt-identify-users.md)
-######## [Identify Applications Settings](usmt/usmt-identify-application-settings.md)
-######## [Identify Operating System Settings](usmt/usmt-identify-operating-system-settings.md)
-######## [Identify File Types, Files, and Folders](usmt/usmt-identify-file-types-files-and-folders.md)
-####### [Test Your Migration](usmt/usmt-test-your-migration.md)
-###### [User State Migration Tool (USMT) Command-line Syntax](usmt/usmt-command-line-syntax.md)
-####### [ScanState Syntax](usmt/usmt-scanstate-syntax.md)
-####### [LoadState Syntax](usmt/usmt-loadstate-syntax.md)
-####### [UsmtUtils Syntax](usmt/usmt-utilities.md)
-###### [USMT XML Reference](usmt/usmt-xml-reference.md)
-####### [Understanding Migration XML Files](usmt/understanding-migration-xml-files.md)
-####### [Config.xml File](usmt/usmt-configxml-file.md)
-####### [Customize USMT XML Files](usmt/usmt-customize-xml-files.md)
-####### [Custom XML Examples](usmt/usmt-custom-xml-examples.md)
-####### [Conflicts and Precedence](usmt/usmt-conflicts-and-precedence.md)
-####### [General Conventions](usmt/usmt-general-conventions.md)
-####### [XML File Requirements](usmt/xml-file-requirements.md)
-####### [Recognized Environment Variables](usmt/usmt-recognized-environment-variables.md)
-####### [XML Elements Library](usmt/usmt-xml-elements-library.md)
-###### [Offline Migration Reference](usmt/offline-migration-reference.md)
-### [Install fonts in Windows 10](windows-10-missing-fonts.md)
-
-## Update Windows 10
-### [Update Windows 10 in enterprise deployments](update/index.md)
-### Windows as a service
-#### [Windows as a service - introduction](update/windows-as-a-service.md)
-#### [Quick guide to Windows as a service](update/waas-quick-start.md)
-#### [Servicing stack updates](update/servicing-stack-updates.md)
-#### [Overview of Windows as a service](update/waas-overview.md)
-### [Prepare servicing strategy for Windows 10 updates](update/waas-servicing-strategy-windows-10-updates.md)
-### [Build deployment rings for Windows 10 updates](update/waas-deployment-rings-windows-10-updates.md)
-### [Assign devices to servicing channels for Windows 10 updates](update/waas-servicing-channels-windows-10-updates.md)
-### Get started
-#### [Get started with Windows Update](update/windows-update-overview.md)
-#### [How Windows Update works](update/how-windows-update-works.md)
-#### [Windows Update log files](update/windows-update-logs.md)
-#### [How to troubleshoot Windows Update](update/windows-update-troubleshooting.md)
-#### [Common Windows Update errors](update/windows-update-errors.md)
-#### [Windows Update error code reference](update/windows-update-error-reference.md)
-#### [Other Windows Update resources](update/windows-update-resources.md)
-### Optimize delivery
-#### [Optimize Windows 10 update delivery](update/waas-optimize-windows-10-updates.md)
-#### [Delivery Optimization for Windows 10 updates](update/waas-delivery-optimization.md)
-#### [Set up Delivery Optimization for Windows 10 updates](update/waas-delivery-optimization-setup.md)
-#### [Delivery Optimization reference](update/waas-delivery-optimization-reference.md)
-#### [Configure BranchCache for Windows 10 updates](update/waas-branchcache.md)
-#### [Whitepaper: Windows Updates using forward and reverse differentials](update/PSFxWhitepaper.md)
-### Monitor Windows Updates
-#### [Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md)
-#### [Get started with Update Compliance](update/update-compliance-get-started.md)
-##### [Update Compliance Configuration Script](update/update-compliance-configuration-script.md)
-##### [Manually Configuring Devices for Update Compliance](update/update-compliance-configuration-manual.md)
-#### [Use Update Compliance](update/update-compliance-using.md)
-##### [Need Attention! report](update/update-compliance-need-attention.md)
-##### [Security Update Status report](update/update-compliance-security-update-status.md)
-##### [Feature Update Status report](update/update-compliance-feature-update-status.md)
-##### [Delivery Optimization in Update Compliance](update/update-compliance-delivery-optimization.md)
-##### [Data Handling and Privacy in Update Compliance](update/update-compliance-privacy.md)
-##### [Update Compliance Schema Reference](update/update-compliance-schema.md)
-###### [WaaSUpdateStatus](update/update-compliance-schema-waasupdatestatus.md)
-###### [WaaSInsiderStatus](update/update-compliance-schema-waasinsiderstatus.md)
-###### [WaaSDeploymentStatus](update/update-compliance-schema-waasdeploymentstatus.md)
-###### [WUDOStatus](update/update-compliance-schema-wudostatus.md)
-###### [WUDOAggregatedStatus](update/update-compliance-schema-wudoaggregatedstatus.md)
-### Best practices
-#### [Best practices for feature updates on mission-critical devices](update/feature-update-mission-critical.md)
-#### [Update Windows 10 media with Dynamic Update](update/media-dynamic-update.md)
-#### [Deploy feature updates during maintenance windows](update/feature-update-maintenance-window.md)
-#### [Deploy feature updates for user-initiated installations](update/feature-update-user-install.md)
-#### [Conclusion](update/feature-update-conclusion.md)
-### [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](update/waas-mobile-updates.md)
-### Use Windows Update for Business
-#### [Deploy updates using Windows Update for Business](update/waas-manage-updates-wufb.md)
-#### [Configure Windows Update for Business](update/waas-configure-wufb.md)
-#### [Enforcing compliance deadlines for updates](update/wufb-compliancedeadlines.md)
-#### [Integrate Windows Update for Business with management solutions](update/waas-integrate-wufb.md)
-#### [Walkthrough: use Group Policy to configure Windows Update for Business](update/waas-wufb-group-policy.md)
-#### [Walkthrough: use Intune to configure Windows Update for Business](https://docs.microsoft.com/intune/windows-update-for-business-configure)
-### Use Windows Server Update Services
-#### [Deploy Windows 10 updates using Windows Server Update Services](update/waas-manage-updates-wsus.md)
-#### [Enable FoD and language pack updates in Windows Update](update/fod-and-lang-packs.md)
-### [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](update/waas-manage-updates-configuration-manager.md)
-### [Manage device restarts after updates](update/waas-restart.md)
-### [Manage additional Windows Update settings](update/waas-wu-settings.md)
-### [Determine the source of Windows updates](update/windows-update-sources.md)
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@ -0,0 +1,515 @@
+- name: Deploy and update Windows 10
+  href: index.yml
+  items: 
+    - name: Get started
+      items: 
+        - name: What's new
+          href: deploy-whats-new.md
+        - name: Windows 10 deployment scenarios
+          href: windows-10-deployment-scenarios.md
+        - name: What is Windows as a service?
+          href: update/waas-quick-start.md
+        - name: Windows update fundamentals
+          href: update/waas-overview.md
+        - name: Types of Windows updates
+          href: update/waas-quick-start.md#definitions
+        - name: Servicing the Windows 10 operating system
+          href: update/waas-servicing-strategy-windows-10-updates.md
+
+        - name: Deployment proof of concept
+          items: 
+            - name: Demonstrate Autopilot deployment on a VM
+              href: windows-autopilot/demonstrate-deployment-on-vm.md
+            - name: Deploy Windows 10 with MDT and Configuration Manager
+              items:
+                - name: 'Step by step guide: Configure a test lab to deploy Windows 10'
+                  href: windows-10-poc.md
+                - name: Deploy Windows 10 in a test lab using MDT
+                  href: windows-10-poc-mdt.md
+                - name: Deploy Windows 10 in a test lab using Configuration Manager
+                  href: windows-10-poc-sc-config-mgr.md 
+        - name: Deployment process posters
+          href: windows-10-deployment-posters.md      
+
+    - name: Plan
+      items:
+        - name: Create a deployment plan
+          href: update/create-deployment-plan.md
+        - name: Define readiness criteria
+          href: update/plan-define-readiness.md
+        - name: Evaluate infrastructure and tools
+          href: update/eval-infra-tools.md
+        - name: Determine application readiness
+          href: update/plan-determine-app-readiness.md 
+        - name: Define your servicing strategy
+          href: update/waas-servicing-strategy-windows-10-updates.md
+        - name: Best practices for feature updates on mission-critical devices
+          href: update/feature-update-mission-critical.md  
+        - name: Plan for volume activation
+          href: volume-activation/plan-for-volume-activation-client.md
+        - name: Features removed or planned for replacement
+          items:
+            - name: Windows 10 features lifecycle
+              href: planning/features-lifecycle.md
+            - name: Features we're no longer developing
+              href: planning/windows-10-deprecated-features.md
+            - name: Features we removed
+              href: planning/windows-10-removed-features.md         
+
+    - name: Prepare
+      items: 
+        - name: Prepare to deploy Windows 10
+          href: deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md 
+        - name: Evaluate and update infrastructure
+          href: update/update-policies.md 
+        - name: Set up Delivery Optimization for Windows 10 updates
+          href: update/waas-delivery-optimization-setup.md
+        - name: Configure BranchCache for Windows 10 updates
+          href: update/waas-branchcache.md
+        - name: Prepare your deployment tools
+          items:
+            - name: Register devices for deployment with Windows Autopilot
+              href: windows-autopilot/add-devices.md
+            - name: Prepare for deployment with MDT
+              href: deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
+            - name: Prepare for deployment with Configuration Manager
+              href: deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+        - name: Build a successful servicing strategy
+          items:
+            - name: Build deployment rings for Windows 10 updates
+              href: update/waas-deployment-rings-windows-10-updates.md
+            - name: Prepare updates using Windows Update for Business
+              href: update/waas-manage-updates-wufb.md
+            - name: Prepare updates using WSUS
+              href: update/waas-manage-updates-wsus.md
+
+    - name: Deploy
+      items: 
+        - name: Deploy Windows 10
+          items:
+            - name: Deploy Windows 10 with Autopilot
+              href: windows-autopilot/windows-autopilot-scenarios.md
+            - name: Deploy Windows 10 with Configuration Manager
+              items:
+                - name: Deploy to a new device
+                  href: deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
+                - name: Refresh a device
+                  href: deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
+                - name: Replace a device
+                  href: deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
+                - name: In-place upgrade
+                  href: deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
+            - name: Deploy Windows 10 with MDT
+              items:
+                - name: Deploy to a new device
+                  href: deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
+                - name: Refresh a device
+                  href: deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
+                - name: Replace a device
+                  href: deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
+                - name: In-place upgrade
+                  href: deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
+            - name: Subscription Activation
+              items:
+                - name: Windows 10 Subscription Activation
+                  href: windows-10-subscription-activation.md
+                - name: Windows 10 Enterprise E3 in CSP
+                  href: windows-10-enterprise-e3-overview.md
+                - name: Configure VDA for Subscription Activation
+                  href: vda-subscription-activation.md
+                - name: Deploy Windows 10 Enterprise licenses
+                  href: deploy-enterprise-licenses.md
+        - name: Deploy Windows 10 updates
+          items:
+            - name: Assign devices to servicing channels
+              href: update/waas-servicing-channels-windows-10-updates.md
+            - name: Deploy updates with Configuration Manager
+              href: update/deploy-updates-configmgr.md
+            - name: Deploy updates with Intune
+              href: update/waas-wufb-csp-mdm.md
+            - name: Deploy updates with WSUS
+              href: update/waas-manage-updates-wsus.md
+            - name: Deploy updates with Group Policy
+              href: update/waas-wufb-group-policy.md
+            - name: Update Windows 10 media with Dynamic Update
+              href: update/media-dynamic-update.md
+            - name: Manage the Windows 10 update experience
+              items:              
+                - name: Manage device restarts after updates
+                  href: update/waas-restart.md
+                - name: Manage additional Windows Update settings
+                  href: update/waas-wu-settings.md 
+                - name: Deploy feature updates during maintenance windows
+                  href: update/feature-update-maintenance-window.md  
+                - name: Deploy feature updates for user-initiated installations
+                  href: update/feature-update-user-install.md        
+        - name: Use Windows Update for Business
+          items:
+            - name: What is Windows Update for Business?
+              href: update/waas-manage-updates-wufb.md
+            - name: Configure Windows Update for Business
+              href: update/waas-configure-wufb.md
+            - name: Enforcing compliance deadlines for updates
+              href: update/wufb-compliancedeadlines.md
+            - name: Integrate Windows Update for Business with management solutions
+              href: update/waas-integrate-wufb.md
+            - name: 'Walkthrough: use Group Policy to configure Windows Update for Business'
+              href: update/waas-wufb-group-policy.md
+            - name: 'Walkthrough: use Intune to configure Windows Update for Business'
+              href: update/waas-wufb-csp-mdm.md
+        - name: Monitor Windows 10 updates
+          items:
+            - name: Monitor Delivery Optimization
+              href: update/waas-delivery-optimization-setup.md#monitor-delivery-optimization
+            - name: Monitor Windows Updates with Update Compliance
+              items:
+              - name: Get started
+                items: 
+                  - name: Get started with Update Compliance
+                    href: update/update-compliance-get-started.md
+                  - name: Update Compliance configuration script
+                    href: update/update-compliance-configuration-script.md
+                  - name: Manually configuring devices for Update Compliance
+                    href: update/update-compliance-configuration-manual.md
+              - name: Update Compliance monitoring
+                items: 
+                  - name: Use Update Compliance
+                    href: update/update-compliance-using.md
+                  - name: Need attention report
+                    href: update/update-compliance-need-attention.md
+                  - name: Security update status report
+                    href: update/update-compliance-security-update-status.md
+                  - name: Feature update status report
+                    href: update/update-compliance-feature-update-status.md
+                  - name: Delivery Optimization in Update Compliance
+                    href: update/update-compliance-delivery-optimization.md
+                  - name: Data handling and privacy in Update Compliance
+                    href: update/update-compliance-privacy.md
+                  - name: Update Compliance schema reference
+                    items:
+                      - name: WaaSUpdateStatus
+                        href: update/update-compliance-schema-waasupdatestatus.md
+                      - name: WaaSInsiderStatus
+                        href: update/update-compliance-schema-waasinsiderstatus.md
+                      - name: WaaSDepoymentStatus
+                        href: update/update-compliance-schema-waasdeploymentstatus.md
+                      - name: WUDOStatus
+                        href: update/update-compliance-schema-wudostatus.md
+                      - name: WUDOAggregatedStatus
+                        href: update/update-compliance-schema-wudoaggregatedstatus.md
+        - name: Troubleshooting
+          items:
+            - name: Resolve upgrade errors
+              items:
+                - name: Resolve Windows 10 upgrade errors
+                  href: upgrade/resolve-windows-10-upgrade-errors.md
+                - name: Quick fixes
+                  href: upgrade/quick-fixes.md
+                - name: SetupDiag
+                  href: upgrade/setupdiag.md
+                - name: Troubleshooting upgrade errors
+                  href: upgrade/troubleshoot-upgrade-errors.md
+                - name: Windows error reporting
+                  href: upgrade/windows-error-reporting.md
+                - name: Upgrade error codes
+                  href: upgrade/upgrade-error-codes.md
+                - name: Log files
+                  href: upgrade/log-files.md
+                - name: Resolution procedures
+                  href: upgrade/resolution-procedures.md
+                - name: Submit Windows 10 upgrade errors
+                  href: upgrade/submit-errors.md
+            - name: Troubleshoot Windows Update
+              items:
+                - name: How to troubleshoot Windows Update
+                  href: update/windows-update-troubleshooting.md
+                - name: Determine the source of Windows Updates
+                  href: update/windows-update-sources.md
+                - name: Common Windows Update errors
+                  href: update/windows-update-errors.md
+                - name: Windows Update error code reference
+                  href: update/windows-update-error-reference.md
+
+    - name: Reference
+      items:
+        - name: How does Windows Update work?
+          href: update/how-windows-update-works.md
+        - name: Understanding the Unified Update Platform
+          href: update/windows-update-overview.md
+        - name: Servicing stack updates
+          href: update/servicing-stack-updates.md
+        - name: How Windows Update works
+          href: update/how-windows-update-works.md
+        - name: Additional Windows Update settings
+          href: update/waas-wu-settings.md
+        - name: Delivery Optimization reference
+          href: update/waas-delivery-optimization-reference.md
+        - name: Windows 10 in S mode
+          href: windows-10-pro-in-s-mode.md
+        - name: Windows 10 deployment tools
+          items:
+            - name: Windows 10 deployment scenarios and tools
+              items:
+                - name: Convert MBR partition to GPT
+                  href: mbr-to-gpt.md
+                - name: Configure a PXE server to load Windows PE
+                  href: configure-a-pxe-server-to-load-windows-pe.md
+                - name: Windows ADK for Windows 10 scenarios for IT Pros
+                  href: windows-adk-scenarios-for-it-pros.md
+                - name: Windows To Go
+                  items:
+                    - name: Deploy Windows To Go in your organization
+                      href: deploy-windows-to-go.md
+                    - name: "Windows To Go: feature overview"
+                      href: planning/windows-to-go-overview.md
+                    - name: Best practice recommendations for Windows To Go
+                      href: planning/best-practice-recommendations-for-windows-to-go.md
+                    - name: Deployment considerations for Windows To Go
+                      href: planning/deployment-considerations-for-windows-to-go.md
+                    - name: Prepare your organization for Windows To Go
+                      href: planning/prepare-your-organization-for-windows-to-go.md
+                    - name: Security and data protection considerations for Windows To Go
+                      href: planning/security-and-data-protection-considerations-for-windows-to-go.md
+                    - name: "Windows To Go: frequently asked questions"
+                      href: planning/windows-to-go-frequently-asked-questions.md
+        
+                - name: Volume Activation Management Tool (VAMT) technical reference
+                  items:
+                    - name: VAMT technical reference
+                      href: volume-activation/volume-activation-management-tool.md
+                    - name: Introduction to VAMT
+                      href: volume-activation/introduction-vamt.md
+                    - name: Active Directory-Based Activation Overview
+                      href: volume-activation/active-directory-based-activation-overview.md
+                    - name: Install and Configure VAMT
+                      href: volume-activation/install-configure-vamt.md
+                    - name: VAMT Requirements
+                      href: volume-activation/vamt-requirements.md
+                    - name: Install VAMT
+                      href: volume-activation/install-vamt.md
+                    - name: Configure Client Computers
+                      href: volume-activation/configure-client-computers-vamt.md
+                    - name: Add and Manage Products
+                      href: volume-activation/add-manage-products-vamt.md
+                    - name: Add and Remove Computers
+                      href: volume-activation/add-remove-computers-vamt.md
+                    - name: Update Product Status
+                      href: volume-activation/update-product-status-vamt.md
+                    - name: Remove Products
+                      href: volume-activation/remove-products-vamt.md
+                    - name: Manage Product Keys
+                      href: volume-activation/manage-product-keys-vamt.md
+                    - name: Add and Remove a Product Key
+                      href: volume-activation/add-remove-product-key-vamt.md
+                    - name: Install a Product Key
+                      href: volume-activation/install-product-key-vamt.md
+                    - name: Install a KMS Client Key
+                      href: volume-activation/install-kms-client-key-vamt.md
+                    - name: Manage Activations
+                      href: volume-activation/manage-activations-vamt.md
+                    - name: Perform Online Activation
+                      href: volume-activation/online-activation-vamt.md
+                    - name: Perform Proxy Activation
+                      href: volume-activation/proxy-activation-vamt.md
+                    - name: Perform KMS Activation
+                      href: volume-activation/kms-activation-vamt.md
+                    - name: Perform Local Reactivation
+                      href: volume-activation/local-reactivation-vamt.md
+                    - name: Activate an Active Directory Forest Online
+                      href: volume-activation/activate-forest-vamt.md
+                    - name: Activate by Proxy an Active Directory Forest
+                      href: volume-activation/activate-forest-by-proxy-vamt.md
+                    - name: Manage VAMT Data
+                      href: volume-activation/manage-vamt-data.md
+                    - name: Import and Export VAMT Data
+                      href: volume-activation/import-export-vamt-data.md
+                    - name: Use VAMT in Windows PowerShell
+                      href: volume-activation/use-vamt-in-windows-powershell.md
+                    - name: VAMT Step-by-Step Scenarios
+                      href: volume-activation/vamt-step-by-step.md
+                    - name: "Scenario 1: Online Activation"
+                      href: volume-activation/scenario-online-activation-vamt.md
+                    - name: "Scenario 2: Proxy Activation"
+                      href: volume-activation/scenario-proxy-activation-vamt.md
+                    - name: "Scenario 3: KMS Client Activation"
+                      href: volume-activation/scenario-kms-activation-vamt.md
+                    - name: VAMT Known Issues
+                      href: volume-activation/vamt-known-issues.md
+        
+                - name: User State Migration Tool (USMT) technical reference
+                  items:
+                    - name: USMT overview topics
+                      items:
+                        - name: USMT overview
+                          href: usmt/usmt-overview.md
+                        - name: Getting started with the USMT
+                          href: usmt/getting-started-with-the-user-state-migration-tool.md
+                        - name: Windows upgrade and migration considerations
+                          href: upgrade/windows-upgrade-and-migration-considerations.md
+                    - name: USMT How-to topics
+                      items:
+                        - name: Exclude Files and Settings
+                          href: usmt/usmt-exclude-files-and-settings.md
+                        - name: Extract Files from a Compressed USMT Migration Store
+                          href: usmt/usmt-extract-files-from-a-compressed-migration-store.md
+                        - name: Include Files and Settings
+                          href: usmt/usmt-include-files-and-settings.md
+                        - name: Migrate Application Settings
+                          href: usmt/migrate-application-settings.md
+                        - name: Migrate EFS Files and Certificates
+                          href: usmt/usmt-migrate-efs-files-and-certificates.md
+                        - name: Migrate User Accounts
+                          href: usmt/usmt-migrate-user-accounts.md
+                        - name: Reroute Files and Settings
+                          href: usmt/usmt-reroute-files-and-settings.md
+                        - name: Verify the Condition of a Compressed Migration Store
+                          href: usmt/verify-the-condition-of-a-compressed-migration-store.md
+                        - name: USMT Troubleshooting
+                          href: usmt/usmt-troubleshooting.md
+                        - name: Common Issues
+                          href: usmt/usmt-common-issues.md
+                        - name: Frequently Asked Questions
+                          href: usmt/usmt-faq.md
+                        - name: Log Files
+                          href: usmt/usmt-log-files.md
+                        - name: Return Codes
+                          href: usmt/usmt-return-codes.md
+                        - name: USMT Resources
+                          href: usmt/usmt-resources.md
+        
+                    - name: USMT Reference
+                      items:
+                        - name: USMT Requirements
+                          href: usmt/usmt-requirements.md
+                        - name: USMT Best Practices
+                          href: usmt/usmt-best-practices.md
+                        - name: How USMT Works
+                          href: usmt/usmt-how-it-works.md
+                        - name: Plan Your Migration
+                          href: usmt/usmt-plan-your-migration.md
+                        - name: Common Migration Scenarios
+                          href: usmt/usmt-common-migration-scenarios.md
+                        - name: What Does USMT Migrate?
+                          href: usmt/usmt-what-does-usmt-migrate.md
+                        - name: Choose a Migration Store Type
+                          href: usmt/usmt-choose-migration-store-type.md
+                        - name: Migration Store Types Overview
+                          href: usmt/migration-store-types-overview.md
+                        - name: Estimate Migration Store Size
+                          href: usmt/usmt-estimate-migration-store-size.md
+                        - name: Hard-Link Migration Store
+                          href: usmt/usmt-hard-link-migration-store.md
+                        - name: Migration Store Encryption
+                          href: usmt/usmt-migration-store-encryption.md
+                        - name: Determine What to Migrate
+                          href: usmt/usmt-determine-what-to-migrate.md
+                        - name: Identify users
+                          href: usmt/usmt-identify-users.md
+                        - name: Identify Applications Settings
+                          href: usmt/usmt-identify-application-settings.md
+                        - name: Identify Operating System Settings
+                          href: usmt/usmt-identify-operating-system-settings.md
+                        - name: Identify File Types, Files, and Folders
+                          href: usmt/usmt-identify-file-types-files-and-folders.md
+                        - name: Test Your Migration
+                          href: usmt/usmt-test-your-migration.md
+                        - name: USMT Command-line Syntax
+                          href: usmt/usmt-command-line-syntax.md
+                        - name: ScanState Syntax
+                          href: usmt/usmt-scanstate-syntax.md
+                        - name: LoadState Syntax
+                          href: usmt/usmt-loadstate-syntax.md
+                        - name: UsmtUtils Syntax
+                          href: usmt/usmt-utilities.md
+                        - name: USMT XML Reference
+                          href: usmt/usmt-xml-reference.md
+                        - name: Understanding Migration XML Files
+                          href: usmt/understanding-migration-xml-files.md
+                        - name: Config.xml File
+                          href: usmt/usmt-configxml-file.md
+                        - name: Customize USMT XML Files
+                          href: usmt/usmt-customize-xml-files.md
+                        - name: Custom XML Examples
+                          href: usmt/usmt-custom-xml-examples.md
+                        - name: Conflicts and Precedence
+                          href: usmt/usmt-conflicts-and-precedence.md
+                        - name: General Conventions
+                          href: usmt/usmt-general-conventions.md
+                        - name: XML File Requirements
+                          href: usmt/xml-file-requirements.md
+                        - name: Recognized Environment Variables
+                          href: usmt/usmt-recognized-environment-variables.md
+                        - name: XML Elements Library
+                          href: usmt/usmt-xml-elements-library.md
+                        - name: Offline Migration Reference
+                          href: usmt/offline-migration-reference.md
+        
+            - name: Application Compatibility Toolkit (ACT) Technical Reference
+              items:
+                - name: SUA User's Guide
+                  href: planning/sua-users-guide.md
+                - name: Using the SUA Wizard
+                  href: planning/using-the-sua-wizard.md
+                - name: Using the SUA Tool
+                  href: planning/using-the-sua-tool.md
+                - name: Tabs on the SUA Tool Interface
+                  href: planning/tabs-on-the-sua-tool-interface.md
+                - name: Showing Messages Generated by the SUA Tool
+                  href: planning/showing-messages-generated-by-the-sua-tool.md
+                - name: Applying Filters to Data in the SUA Tool
+                  href: planning/applying-filters-to-data-in-the-sua-tool.md
+                - name: Fixing Applications by Using the SUA Tool
+                  href: planning/fixing-applications-by-using-the-sua-tool.md
+                - name: Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista
+                  href: planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
+                - name: Compatibility Administrator User's Guide
+                  href: planning/compatibility-administrator-users-guide.md
+                - name: Using the Compatibility Administrator Tool
+                  href: planning/using-the-compatibility-administrator-tool.md
+                - name: Available Data Types and Operators in Compatibility Administrator
+                  href: planning/available-data-types-and-operators-in-compatibility-administrator.md
+                - name: Searching for Fixed Applications in Compatibility Administrator
+                  href: planning/searching-for-fixed-applications-in-compatibility-administrator.md
+                - name: Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator
+                  href: planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
+                - name: Creating a Custom Compatibility Fix in Compatibility Administrator
+                  href: planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md
+                - name: Creating a Custom Compatibility Mode in Compatibility Administrator
+                  href: planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md
+                - name: Creating an AppHelp Message in Compatibility Administrator
+                  href: planning/creating-an-apphelp-message-in-compatibility-administrator.md
+                - name: Viewing the Events Screen in Compatibility Administrator
+                  href: planning/viewing-the-events-screen-in-compatibility-administrator.md
+                - name: Enabling and Disabling Compatibility Fixes in Compatibility Administrator
+                  href: planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
+                - name: Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator
+                  href: planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
+                - name: Managing Application-Compatibility Fixes and Custom Fix Databases
+                  href: planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
+                - name: Understanding and Using Compatibility Fixes
+                  href: planning/understanding-and-using-compatibility-fixes.md
+                - name: Compatibility Fix Database Management Strategies and Deployment
+                  href: planning/compatibility-fix-database-management-strategies-and-deployment.md
+                - name: Testing Your Application Mitigation Packages
+                  href: planning/testing-your-application-mitigation-packages.md
+                - name: Using the Sdbinst.exe Command-Line Tool
+                  href: planning/using-the-sdbinstexe-command-line-tool.md
+                - name: Volume Activation 
+                  href: volume-activation/volume-activation-windows-10.md
+                - name: Plan for volume activation 
+                  href: volume-activation/plan-for-volume-activation-client.md
+                - name: Activate using Key Management Service 
+                  href: volume-activation/activate-using-key-management-service-vamt.md
+                - name: Activate using Active Directory-based activation 
+                  href: volume-activation/activate-using-active-directory-based-activation-client.md
+                - name: Activate clients running Windows 10
+                  href: volume-activation/activate-windows-10-clients-vamt.md
+                - name: Monitor activation 
+                  href: volume-activation/monitor-activation-client.md
+                - name: Use the Volume Activation Management Tool 
+                  href: volume-activation/use-the-volume-activation-management-tool-client.md
+                - name: "Appendix: Information sent to Microsoft during activation "
+                  href: volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
+
+        - name: Install fonts in Windows 10
+          href: windows-10-missing-fonts.md
--- a/windows/deployment/deploy-whats-new.md
+++ b/windows/deployment/deploy-whats-new.md
@ -25,14 +25,16 @@ ms.topic: article
 This topic provides an overview of new solutions and online content related to deploying Windows 10 in your organization.

 - For an all-up overview of new features in Windows 10, see [What's new in Windows 10](https://docs.microsoft.com/windows/whats-new/index).
- For a detailed list of changes to Windows 10 ITPro TechNet library content, see [Online content change history](#online-content-change-history).

-## Recent additions to this page
+## Latest news

-[SetupDiag](#setupdiag) 1.6 is released.<br>
-The [Windows ADK for Windows 10, version 1903](https://docs.microsoft.com/windows-hardware/get-started/adk-install) is available.<br>
-New [Windows Autopilot](#windows-autopilot) content is available.<br>
-[Windows 10 Subscription Activation](#windows-10-subscription-activation) now supports Windows 10 Education.
+[SetupDiag](#setupdiag) is included with Windows 10, version 2004 and later.<br>
+The [Windows ADK for Windows 10, version 2004](https://docs.microsoft.com/windows-hardware/get-started/adk-install) is available.<br>
+New capabilities are available for [Delivery Optimization](#delivery-optimization) and [Windows Update for Business](#windows-update-for-business).<br>
+VPN support is added to [Windows Autopilot](#windows-autopilot)<br>
+An in-place upgrade wizard is available in [Configuration Manager](#microsoft-endpoint-configuration-manager).<br>
+The [Windows ADK](#windows-assessment-and-deployment-kit-adk) for Windows 10, version 2004 is available.<br>
+The Windows 10 deployment and update [landing page](index.yml) has been redesigned, with additional content added and more content coming soon.<br>

 ## The Modern Desktop Deployment Center

@ -49,9 +51,36 @@ See [Deploy Windows 10 with Microsoft 365](deploy-m365.md) for an overview, whic

 ## Windows 10 servicing and support

- [**Delivery Optimization**](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization): Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Microsoft 365 Apps for enterprise updates, and Intune content, with Microsoft Endpoint Configuration Manager content coming soon! 
- [**Automatic Restart Sign-on (ARSO)**](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#automatic-restart-and-sign-on-arso-for-enterprises-build-18305): Windows will automatically logon as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.  
- [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period. 
+### Delivery Optimization
+
+Windows PowerShell cmdlets for Delivery Optimization have been improved:
+
+- **Get-DeliveryOptimizationStatus** has added the  **-PeerInfo** option for a real-time peak behind the scenes on peer-to-peer activity (for example the peer IP Address, bytes received / sent).
+- **Get-DeliveryOptimizationLogAnalysis** is a new cmdlet that provides a summary of the activity in your DO log (# of downloads, downloads from peers, overall peer efficiency). Use the **-ListConnections** option to for in-depth look at peer-to-peer connections.
+- **Enable-DeliveryOptimizationVerboseLogs** is a new cmdlet that enables a greater level of logging detail to assist in troubleshooting.
+
+Additional improvements in [Delivery Optimization](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization) include:
+- Enterprise network [throttling is enhanced](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#new-download-throttling-options-for-delivery-optimization-build-18917) to optimize foreground vs. background throttling.
+- Automatic cloud-based congestion detection is available for PCs with cloud service support.
+- Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Microsoft 365 Apps for enterprise updates, and Intune content, with Microsoft Endpoint Configuration Manager content coming soon! 
+
+The following Delivery Optimization policies are removed in the Windows 10, version 2004 release:
+
+- Percentage of Maximum Download Bandwidth (DOPercentageMaxDownloadBandwidth)
+  - Reason: Replaced with separate policies for foreground and background
+- Max Upload Bandwidth (DOMaxUploadBandwidth)
+  - Reason: impacts uploads to internet peers only, which isn't used in Enterprises. 
+- Absolute max throttle (DOMaxDownloadBandwidth)
+  - Reason: separated to foreground and background
+
+### Windows Update for Business
+
+[Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb) enhancements in this release include:
+- Intune console updates: target version is now available allowing you to specify which version of Windows 10 you want devices to move to. Additionally, this capability enables you to keep devices on their current version until they reach end of service. Check it out in Intune, also available as a Group Policy and Configuration Service Provider (CSP) policy.
+- Validation improvements: To ensure devices and end users stay productive and protected, Microsoft uses safeguard holds to block devices from updating when there are known issues that would impact that device. Also, to better enable IT administrators to validate on the latest release, we have created a new policy that enables admins to opt devices out of the built-in safeguard holds.
+
+- [**Automatic Restart Sign-on (ARSO)**](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#automatic-restart-and-sign-on-arso-for-enterprises-build-18305): Windows will automatically log on as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.  
+- [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will be a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period. 
 - **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally.
 - **Pause updates**: We have extended the ability to pause updates for both feature and monthly updates. This extension ability is for all editions of Windows 10, including Home. You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, you will need to update your device before pausing again. 
 - **Improved update notifications**: When there’s an update requiring you to restart your device, you’ll see a colored dot on the Power button in the Start menu and on the Windows icon in your taskbar.
@ -70,13 +99,16 @@ Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel o

 For more information, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md)

-
 ## Deployment solutions and tools

 ### Windows Autopilot

 [Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot) streamlines and automates the process of setting up and configuring new devices, with minimal interaction required from the end user. You can also use Windows Autopilot to reset, repurpose and recover devices. 

+With the release of Windows 10, version 2004 you can configure [Windows Autopilot user-driven](https://docs.microsoft.com/windows/deployment/windows-autopilot/user-driven) Hybrid Azure Active Directory join with VPN support. This support is also backported to Windows 10, version 1909 and 1903.
+
+If you configure the language settings in the Autopilot profile and the device is connected to Ethernet, all scenarios will now skip the language, locale, and keyboard pages.  In previous versions, this was only supported with self-deploying profiles.
+
 The following Windows Autopilot features are available in Windows 10, version 1903 and later:

 - [Windows Autopilot for white glove deployment](https://docs.microsoft.com/windows/deployment/windows-autopilot/white-glove) is new in Windows 10, version 1903. "White glove" deployment enables partners or IT staff to pre-provision devices so they are fully configured and business ready for your users.
@ -85,6 +117,10 @@ The following Windows Autopilot features are available in Windows 10, version 19
 - Windows Autopilot is self-updating during OOBE. Starting with the Windows 10, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE.
 - Windows Autopilot will set the [diagnostics data](https://docs.microsoft.com/windows/privacy/windows-diagnostic-data) level to Full on Windows 10 version 1903 and later during OOBE. 

+### Microsoft Endpoint Configuration Manager
+
+An in-place upgrade wizard is available in Configuration Manager. For more information, see [Simplifying Windows 10 deployment with Configuration Manager](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-windows-10-deployment-with-configuration-manager/ba-p/1214364).
+
 ### Windows 10 Subscription Activation

 Windows 10 Education support has been added to Windows 10 Subscription Activation.
@ -93,9 +129,11 @@ With Windows 10, version 1903, you can step-up from Windows 10 Pro Education to

 ### SetupDiag

-[SetupDiag](upgrade/setupdiag.md) is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. 
+[SetupDiag](upgrade/setupdiag.md) is a command-line tool that can help diagnose why a Windows 10 update failed. SetupDiag works by searching Windows Setup log files. When searching log files, SetupDiag uses a set of rules to match known issues.

-SetupDiag version 1.6.0.42 was released on 08/08/2019.
+In Windows 10, version 2004, SetupDiag is now automatically installed.
+
+During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%\$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, Windows Setup now also installs SetupDiag.exe to this directory. If there is an issue with the upgrade, SetupDiag is automatically run to determine the cause of the failure. If the upgrade process proceeds normally, this directory is moved under %SystemDrive%\Windows.Old for cleanup.

 ### Upgrade Readiness

@ -131,21 +169,21 @@ There are many benefits to converting the partition style of a disk to GPT, incl

 For more information, see [MBR2GPT.EXE](mbr-to-gpt.md).

-
 ### Microsoft Deployment Toolkit (MDT)

-MDT build 8456 (12/19/2018) is available, including support for Windows 10, version 1809, and Windows Server 2019.
-
-For more information about MDT, see the [MDT resource page](https://docs.microsoft.com/sccm/mdt/).
+MDT version 8456 supports Windows 10, version 2004 and earlier operating systems, including Windows Server 2019. There is currently an issue that causes MDT to incorrectly detect that UEFI is present in Windows 10, version 2004.  This issue is currently under investigation.

+For the latest information about MDT, see the [MDT release notes](https://docs.microsoft.com/mem/configmgr/mdt/release-notes).

 ### Windows Assessment and Deployment Kit (ADK)

-The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. See the following topics:
+The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows.

- [What's new in ADK kits and tools](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-kits-and-tools)
- [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md)
+Download the Windows ADK and Windows PE add-on for Windows 10, version 2004 [here](https://docs.microsoft.com/windows-hardware/get-started/adk-install).

+For information about what's new in the ADK, see [What's new in the Windows ADK for Windows 10, version 2004](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-kits-and-tools#whats-new-in-the-windows-adk-for-windows-10-version-2004).
+ 
+Also see [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md).

 ## Testing and validation guidance

@ -159,25 +197,15 @@ For more information, see the following guides:
 - [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
 - [Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md)

-
 ## Troubleshooting guidance

 [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) was published in October of 2016 and will continue to be updated with new fixes. The topic provides a detailed explanation of the Windows 10 upgrade process and instructions on how to locate, interpret, and resolve specific errors that can be encountered during the upgrade process.

-
-## Online content change history
-
-The following topics provide a change history for Windows 10 ITPro TechNet library content related to deploying and using Windows 10.
-
-[Change history for Access Protection](/windows/access-protection/change-history-for-access-protection)<br>
-[Change history for Device Security](/windows/device-security/change-history-for-device-security)<br>
-[Change history for Threat Protection](/windows/threat-protection/change-history-for-threat-protection)
-
 ## Related topics

-[Overview of Windows as a service](update/waas-overview.md)
-<BR>[Windows 10 deployment considerations](planning/windows-10-deployment-considerations.md)
-<BR>[Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information)
-<BR>[Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/windows/windows-10-specifications)
-<BR>[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
-<BR>[Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md)
+[Overview of Windows as a service](update/waas-overview.md)<br>
+[Windows 10 deployment considerations](planning/windows-10-deployment-considerations.md)<br>
+[Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information)<br>
+[Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/windows/windows-10-specifications)<br>
+[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)<br>
+[Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md)<br>
--- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
+++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
@ -88,7 +88,6 @@ Following these steps, you enable the backup of BitLocker and TPM recovery infor
        3. Do not enable BitLocker until recovery information is stored in AD DS for operating system drives
    2. Enable the **Configure TPM platform validation profile for BIOS-based firmware configurations** policy.
    3. Enable the **Configure TPM platform validation profile for native UEFI firmware configurations** policy.
-        Computer Configuration / Policies / Administrative Templates / System / Trusted Platform Module Services

 > [!NOTE]
 > If you consistently get the error "Windows BitLocker Drive Encryption Information. The system boot information has changed since BitLocker was enabled. You must supply a BitLocker recovery password to start this system." after encrypting a computer with BitLocker, you might have to change the various "Configure TPM platform validation profile" Group Policies, as well. Whether or not you need to do this will depend on the hardware you are using.
--- a/windows/deployment/deploy-windows-to-go.md
+++ b/windows/deployment/deploy-windows-to-go.md
@ -25,8 +25,8 @@ ms.topic: article

 This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment.

->[!IMPORTANT]
->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
+> [!IMPORTANT]
+> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.

 ## Deployment tips

--- a/windows/deployment/index.yml
+++ b/windows/deployment/index.yml
@ -1,105 +1,94 @@
-### YamlMime:YamlDocument
+### YamlMime:Landing
+
+title: Windows 10 deployment resources and documentation # < 60 chars
+summary: Learn about deploying and and keeping Windows 10 up to date.  # < 160 chars

-documentType: LandingData
-title: Deploy and update Windows 10
 metadata:
-  document_id: 
-  title: Deploy and update Windows 10
-  description: Deploying and updating Windows 10 for IT professionals.
-  keywords: deploy, update, Windows, service, Microsoft365, e5, e3
-  ms.localizationpriority: high
-  author: greg-lindsay
-  ms.author: greglin
-  manager: laurawi
-  ms.topic: article
-  ms.devlang: na
+  title: Windows 10 deployment resources and documentation # Required; page title displayed in search results. Include the brand. < 60 chars.
+  description: Learn about deploying Windows 10 and keeping it up to date in your organization. # Required; article description that is displayed in search results. < 160 chars.
+  services: windows-10
+  ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM.
+  ms.subservice: subservice
+  ms.topic: landing-page # Required
+  ms.collection: windows-10
+  author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
+  ms.author: greglin #Required; microsoft alias of author; optional team alias.
+  ms.date: 05/27/2020 #Required; mm/dd/yyyy format.
+  localization_priority: medium
+    
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new

-sections:
- items:
-  - type: markdown
-    text: Learn about deployment of Windows 10 for IT professionals. This includes deploying the operating system, upgrading to it from previous versions and updating Windows 10.  
- items:
-  - type: list
-    style: cards
-    className: cardsM
-    columns: 3
-    items:
-    - href: windows-10-deployment-scenarios
-      html: <p>Understand the different ways that Windows 10 can be deployed</p>
-      image:
-        src: https://docs.microsoft.com/media/common/i_deploy.svg
-      title: Windows 10 deployment scenarios
-    - href: update
-      html: <p>Update Windows 10 in the enterprise</p>
-      image:
-        src: https://docs.microsoft.com/media/common/i_upgrade.svg
-      title: Windows as a service
-    - href: windows-autopilot/windows-autopilot
-      html: <p>Windows Autopilot greatly simplifies deployment of Windows devices</p>
-      image:
-        src: https://docs.microsoft.com/media/common/i_delivery.svg
-      title: Windows Autopilot
- title:
- items:
-  - type: markdown
-    text: "
-      <br>
-      <table border='0'>
-      <tr><td>[Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) </td><td>Check out the new Modern Deskop Deployment Center and discover content to help you with your Windows 10 and Microsoft 365 Apps for enterprise deployments.</td>
-      <tr><td>[What's new in Windows 10 deployment](deploy-whats-new.md) </td><td>See this topic for a summary of new features and some recent changes related to deploying Windows 10 in your organization. </td>
-      <tr><td>[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) </td><td>To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. </td>
-      <tr><td>[Windows Autopilot](windows-autopilot/windows-autopilot.md) </td><td>Windows Autopilot enables an IT department to pre-configure new devices and repurpose existing devices with a simple process that requires little to no infrastructure.</td>
-      <tr><td>[Windows 10 Subscription Activation](windows-10-subscription-activation.md) </td><td>Windows 10 Enterprise has traditionally been sold as on premises software, however, with Windows 10 version 1703 (also known as the Creator’s Update), both Windows 10 Enterprise E3 and Windows 10 Enterprise E5 are available as true online services via subscription. You can move from Windows 10 Pro to Windows 10 Enterprise with no keys and no reboots. If you are using a Cloud Service Providers (CSP) see the related topic: [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md). </td>
-      <tr><td>[Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) </td><td>This topic provides a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. </td>
-      </table>
-      "
- title: Deploy Windows 10
- items:
-  - type: markdown
-    text: "
-      Windows 10 upgrade options are discussed and information is provided about planning, testing, and managing your production deployment.
-      <br>&nbsp;<br>
-      <table border='0'><tr><td>Topic</td><td>Description</td></tr>
-      <tr><td>[Overview of Windows Autopilot](windows-autopilot/windows-autopilot.md) </td><td>Windows Autopilot deployment is a new cloud service from Microsoft that provides a zero touch experience for deploying Windows 10 devices. </td>
-      <tr><td>[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) </td><td>This topic provides information about support for upgrading directly to Windows 10 from a previous operating system. </td>
-      <tr><td>[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) </td><td>This topic provides information about support for upgrading from one edition of Windows 10 to another. </td>
-      <tr><td>[Windows 10 volume license media](windows-10-media.md) </td><td>This topic provides information about media available in the Microsoft Volume Licensing Service Center. </td>
-      <tr><td>[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) </td><td>With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.</td> 
-      <tr><td>[Windows 10 deployment test lab](windows-10-poc.md) </td><td>This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to  deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md). </td>
-      <tr><td>[Plan for Windows 10 deployment](planning/index.md) </td><td>This section describes Windows 10 deployment considerations and provides information to assist in Windows 10 deployment planning. </td>
-      <tr><td>[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) </td><td>This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). </td>
-      <tr><td>[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-cm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) </td><td>If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or. </td>
-      <tr><td>[Windows 10 deployment tools](windows-10-deployment-tools-reference.md) </td><td>Learn about available tools to deploy Windows 10, such as the Windows ADK, DISM, USMT, WDS, MDT, Windows PE and more. </td>
-      </table>
-      "
- title: Update Windows 10
- items:
-  - type: markdown
-    text: "
-      Information is provided about keeping Windows 10 up-to-date.
-      <br>&nbsp;<br>
-      <table border='0'><tr><td>Topic</td><td>Description</td></tr>
-      <tr><td>[Quick guide to Windows as a service](update/waas-quick-start.md) </td><td>Provides a brief summary of the key points for the new servicing model for Windows 10.</td>
-      <tr><td>[Overview of Windows as a service](update/waas-overview.md) </td><td>Explains the differences in building, deploying, and servicing Windows 10; introduces feature updates, quality updates, and the different servicing branches; compares servicing tools.</td>
-      <tr><td>[Prepare servicing strategy for Windows 10 updates](update/waas-servicing-strategy-windows-10-updates.md) </td><td>Explains the decisions you need to make in your servicing strategy.</td>
-      <tr><td>[Build deployment rings for Windows 10 updates](update/waas-deployment-rings-windows-10-updates.md) </td><td>Explains how to make use of servicing branches and update deferrals to manage Windows 10 updates.</td>
-      <tr><td>[Assign devices to servicing branches for Windows 10 updates](update/waas-servicing-branches-windows-10-updates.md) </td><td>Explains how to assign devices to Current Branch (CB) or Current Branch for Business (CBB) for feature and quality updates, and how to enroll devices in Windows Insider.</td>
-      <tr><td>[Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md) </td><td>Explains how to use Windows Analytics: Update Compliance to monitor and manage Windows Updates on devices in your organization.</td>
-      <tr><td>[Optimize update delivery for Windows 10 updates](update/waas-optimize-windows-10-updates.md) </td><td>Explains the benefits of using Delivery Optimization or BranchCache for update distribution.</td>
-      <tr><td>[Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](update/waas-mobile-updates.md) </td><td>Explains updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile.</td>
-      <tr><td>[Deploy updates using Windows Update for Business](update/waas-manage-updates-wufb.md) </td><td>Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune.</td>
-      <tr><td>[Deploy Windows 10 updates using Windows Server Update Services (WSUS)](update/waas-manage-updates-wsus.md) </td><td>Explains how to use WSUS to manage Windows 10 updates.</td>
-      <tr><td>[Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](update/waas-manage-updates-configuration-manager.md) </td><td>Explains how to use Configuration Manager to manage Windows 10 updates.</td>
-      <tr><td>[Manage device restarts after updates](update/waas-restart.md) </td><td>Explains how to manage update related device restarts.</td>
-      <tr><td>[Manage additional Windows Update settings](update/waas-wu-settings.md) </td><td>Provides details about settings available to control and configure Windows Update.</td>
-      <tr><td>[Windows Insider Program for Business](update/waas-windows-insider-for-business.md) </td><td>Explains how the Windows Insider Program for Business works and how to become an insider.</td>
-      </table>
-      "
- title: Additional topics
- items:
-  - type: markdown
-    text: "
-      <br>
-      <tr><td>[Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade/upgrade-windows-phone-8-1-to-10.md) </td><td> This topic describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile.</tr></td>
-      </table>
-      "
+landingContent:
+# Cards and links should be based on top customer tasks or top subjects
+# Start card title with a verb
+  # Card (optional)
+  - title: Overview
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: Windows 10 deployment scenarios
+            url: windows-10-deployment-scenarios.md
+          - text: What is Windows as a service?
+            url:  update/waas-overview.md
+          - text: Types of Windows updates
+            url: update/waas-quick-start.md#definitions
+
+  # Card (optional)
+  - title: Get started
+    linkLists:
+      - linkListType: get-started
+        links:
+          - text: Demonstrate Autopilot deployment
+            url: windows-autopilot/demonstrate-deployment-on-vm.md
+          - text: Servicing the Windows 10 operating system
+            url: update/waas-servicing-strategy-windows-10-updates.md
+          - text: Deploy Windows 10 in a test lab
+            url: windows-10-poc.md
+
+  # Card (optional)
+  - title: Deployment planning
+    linkLists:
+      - linkListType: architecture
+        links:
+          - text: Create a deployment plan
+            url: update/create-deployment-plan.md
+          - text: Evaluate infrastructure and tools
+            url: update/eval-infra-tools.md
+          - text: Define your servicing strategy
+            url: update/waas-servicing-strategy-windows-10-updates.md
+ 
+   # Card
+  - title: Prepare to deploy Windows 10
+    linkLists:
+      - linkListType: how-to-guide
+        links:
+          - text: Prepare to deploy Windows 10
+            url: deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
+          - text: Evaluate and update infrastructure
+            url: update/update-policies.md
+          - text: Build a successful servicing strategy
+            url: update/waas-deployment-rings-windows-10-updates.md
+
+  # Card
+  - title: Deploy Windows 10
+    linkLists:
+      - linkListType: deploy
+        links:
+          - text: Deploy Windows 10 with Autopilot
+            url: windows-autopilot/windows-autopilot-scenarios.md
+          - text: Assign devices to servicing channels
+            url: update/waas-servicing-channels-windows-10-updates.md
+          - text: Deploy Windows 10 updates
+            url: update/index.md
+
+  # Card (optional)
+  - title: Also see
+    linkLists:
+      - linkListType: reference
+        links:
+          - text: Windows 10 release information
+            url: https://docs.microsoft.com/en-us/windows/release-information/
+          - text: What's new in Windows 10
+            url: https://docs.microsoft.com/en-us/windows/whats-new/
+          - text: Windows 10 Enterprise Security
+            url: https://docs.microsoft.com/en-us/windows/security/
--- a/windows/deployment/planning/TOC.md
+++ b/windows/deployment/planning/TOC.md
@ -1,37 +0,0 @@
-# [Plan for Windows 10 deployment](index.md)
-## [Windows 10 Enterprise FAQ for IT Pros](windows-10-enterprise-faq-itpro.md)
-## [Windows 10 deployment considerations](windows-10-deployment-considerations.md)
-## [Windows 10 compatibility](windows-10-compatibility.md)
-## [Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md)
-
-## Features removed or planned for replacement
-### [Windows 10 features lifecycle](features-lifecycle.md)
-### [Features we're no longer developing](windows-10-deprecated-features.md)
-### [Features we removed](windows-10-removed-features.md)
-
-## Application Compatibility Toolkit (ACT)
-### [Application Compatibility Toolkit (ACT) Technical Reference](act-technical-reference.md)
-### [SUA User's Guide](sua-users-guide.md)
-#### [Using the SUA Wizard](using-the-sua-wizard.md)
-#### [Using the SUA Tool](using-the-sua-tool.md)
-##### [Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md)
-##### [Showing Messages Generated by the SUA Tool](showing-messages-generated-by-the-sua-tool.md)
-##### [Applying Filters to Data in the SUA Tool](applying-filters-to-data-in-the-sua-tool.md)
-##### [Fixing Applications by Using the SUA Tool](fixing-applications-by-using-the-sua-tool.md)
-### [Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
-#### [Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)
-##### [Available Data Types and Operators in Compatibility Administrator](available-data-types-and-operators-in-compatibility-administrator.md)
-##### [Searching for Fixed Applications in Compatibility Administrator](searching-for-fixed-applications-in-compatibility-administrator.md)
-##### [Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator](searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md)
-##### [Creating a Custom Compatibility Fix in Compatibility Administrator](creating-a-custom-compatibility-fix-in-compatibility-administrator.md)
-##### [Creating a Custom Compatibility Mode in Compatibility Administrator](creating-a-custom-compatibility-mode-in-compatibility-administrator.md)
-##### [Creating an AppHelp Message in Compatibility Administrator](creating-an-apphelp-message-in-compatibility-administrator.md)
-##### [Viewing the Events Screen in Compatibility Administrator](viewing-the-events-screen-in-compatibility-administrator.md)
-##### [Enabling and Disabling Compatibility Fixes in Compatibility Administrator](enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md)
-##### [Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator](installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md)
-#### [Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md)
-##### [Understanding and Using Compatibility Fixes](understanding-and-using-compatibility-fixes.md)
-##### [Compatibility Fix Database Management Strategies and Deployment](compatibility-fix-database-management-strategies-and-deployment.md)
-##### [Testing Your Application Mitigation Packages](testing-your-application-mitigation-packages.md)
-#### [Using the Sdbinst.exe Command-Line Tool](using-the-sdbinstexe-command-line-tool.md)
-### [Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md)
--- a/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md
+++ b/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md
@ -1,54 +1,55 @@
---
-title: Best practice recommendations for Windows To Go (Windows 10)
-description: Best practice recommendations for Windows To Go
-ms.assetid: 05e6e0ab-94ed-4c0c-a195-0abd006f0a86
-ms.reviewer: 
-manager: laurawi
-ms.author: greglin
-keywords: best practices, USB, device, boot
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.pagetype: mobility
-ms.sitesec: library
-audience: itpro
-author: greg-lindsay
-ms.topic: article
---
-
-# Best practice recommendations for Windows To Go
-
-
-**Applies to**
-
-   Windows 10
-
->[!IMPORTANT]
->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
-
-The following are the best practice recommendations for using Windows To Go:
-
-   Always shut down Windows and wait for shutdown to complete before removing the Windows To Go drive.
-   Do not insert the Windows To Go drive into a running computer.
-   Do not boot the Windows To Go drive from a USB hub. Always insert the Windows To Go drive directly into a port on the computer.
-   If available, use a USB 3.0 port with Windows To Go.
-   Do not install non-Microsoft core USB drivers on Windows To Go.
-   Suspend BitLocker on Windows host computers before changing the BIOS settings to boot from USB and then resume BitLocker protection.
-
-Additionally, we recommend that when you plan your deployment you should also plan a standard operating procedure for answering questions about which USB drives can be used for Windows To Go and how to enable booting from USB to assist your IT department or help desk in supporting users and work groups that want to use Windows To Go. It may be very helpful for your organization to work with your hardware vendors to create an IT standard for USB drives for use with Windows To Go, so that if groups within your organization want to purchase drives they can quickly determine which ones they should obtain.
-
-## More information
-
-
-[Windows To Go: feature overview](windows-to-go-overview.md)<br>
-[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)<br>
-[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)<br>
-[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)<br>
-[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md)<br>
-
- 
-
- 
-
-
-
-
+---
+title: Best practice recommendations for Windows To Go (Windows 10)
+description: Best practice recommendations for Windows To Go
+ms.assetid: 05e6e0ab-94ed-4c0c-a195-0abd006f0a86
+ms.reviewer: 
+manager: laurawi
+ms.author: greglin
+keywords: best practices, USB, device, boot
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.pagetype: mobility
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.topic: article
+---
+
+# Best practice recommendations for Windows To Go
+
+
+**Applies to**
+
+-   Windows 10
+
+> [!IMPORTANT]
+> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
+
+The following are the best practice recommendations for using Windows To Go:
+
+-   Always shut down Windows and wait for shutdown to complete before removing the Windows To Go drive.
+-   Do not insert the Windows To Go drive into a running computer.
+-   Do not boot the Windows To Go drive from a USB hub. Always insert the Windows To Go drive directly into a port on the computer.
+-   If available, use a USB 3.0 port with Windows To Go.
+-   Do not install non-Microsoft core USB drivers on Windows To Go.
+-   Suspend BitLocker on Windows host computers before changing the BIOS settings to boot from USB and then resume BitLocker protection.
+
+Additionally, we recommend that when you plan your deployment you should also plan a standard operating procedure for answering questions about which USB drives can be used for Windows To Go and how to enable booting from USB to assist your IT department or help desk in supporting users and work groups that want to use Windows To Go. It may be very helpful for your organization to work with your hardware vendors to create an IT standard for USB drives for use with Windows To Go, so that if groups within your organization want to purchase drives they can quickly determine which ones they should obtain.
+
+## More information
+
+
+[Windows To Go: feature overview](windows-to-go-overview.md)<br>
+[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)<br>
+[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)<br>
+[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)<br>
+[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md)<br>
+
+ 
+
+ 
+
+
+
+
+
--- a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md
+++ b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md
@ -23,7 +23,7 @@ ms.topic: article
 - Windows 10

 > [!IMPORTANT]
-> Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
+> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.

 From the start, Windows To Go was designed to minimize differences between the user experience of working on a laptop and Windows To Go booted from a USB drive. Given that Windows To Go was designed as an enterprise solution, extra consideration was given to the deployment workflows that enterprises already have in place. Additionally, there has been a focus on minimizing the number of differences in deployment between Windows To Go workspaces and laptop PCs.

--- a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md
+++ b/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md
@ -22,8 +22,8 @@ ms.topic: article

 -   Windows 10

->[!IMPORTANT]
->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
+> [!IMPORTANT]
+> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.

 The following information is provided to help you plan and design a new deployment of a Windows To Go in your production environment. It provides answers to the “what”, “why”, and “when” questions an IT professional might have when planning to deploy Windows To Go.

--- a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md
+++ b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md
@ -22,8 +22,8 @@ ms.topic: article

 -   Windows 10

->[!IMPORTANT]
->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
+> [!IMPORTANT]
+> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.

 One of the most important requirements to consider when you plan your Windows To Go deployment is to ensure that the data, content, and resources you work with in the Windows To Go workspace is protected and secure.

--- a/windows/deployment/planning/windows-10-deprecated-features.md
+++ b/windows/deployment/planning/windows-10-deprecated-features.md
@ -26,7 +26,9 @@ The features described below are no longer being actively developed, and might b

 |Feature    |  Details and mitigation  | Announced in version |
 | ----------- | --------------------- | ---- |
-| Hyper-V vSwitch on LBFO | In a future release, the Hyper-V vSwitch will no longer have the capability to be bound to an LBFO team.  Instead, it can be bound via [Switch Embedded Teaming](https://docs.microsoft.com/windows-server/virtualization/hyper-v-virtual-switch/rdma-and-switch-embedded-teaming#bkmk_sswitchembedded) (SET).| 1909 |
+| Companion Device Framework | The [Companion Device Framework](https://docs.microsoft.com/windows-hardware/design/device-experiences/windows-hello-companion-device-framework) is no longer under active development.| 2004 |
+| Microsoft Edge | The legacy version of Microsoft Edge is no longer being developed.| 2004 |
+| Dynamic Disks | The [Dynamic Disks](https://docs.microsoft.com/windows/win32/fileio/basic-and-dynamic-disks#dynamic-disks) feature is no longer being developed. This feature will be fully replaced by [Storage Spaces](https://docs.microsoft.com/windows-server/storage/storage-spaces/overview) in a future release.| 2004 |
 | Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 |
 | My People / People in the Shell |  My People is no longer being developed. It may be removed in a future update. | 1909 |
 | Package State Roaming (PSR) |  PSR will be removed in a future update. PSR allows non-Microsoft developers to access roaming data on devices, enabling developers of UWP applications to write data to Windows and synchronize it to other instantiations of Windows for that user. <br>&nbsp;<br>The recommended replacement for PSR is [Azure App Service](https://docs.microsoft.com/azure/app-service/). Azure App Service is widely supported, well documented, reliable, and supports cross-platform/cross-ecosystem scenarios such as iOS, Android and web. | 1909 |
--- a/windows/deployment/planning/windows-10-removed-features.md
+++ b/windows/deployment/planning/windows-10-removed-features.md
@ -27,6 +27,9 @@ The following features and functionalities have been removed from the installed

 |Feature    |  Details and mitigation  | Removed in version |
 | ----------- | --------------------- | ------ |
+| Cortana | Cortana has been updated and enhanced in the Windows 10 May 2020 Update. With [these changes](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-2004#cortana), some previously available consumer skills such as music, connected home, and other non-Microsoft skills are no longer available. | 2004 |
+| Windows To Go | Windows To Go was announced as deprecated in Windows 10, version 1903 and is removed in this release. | 2004 |
+| Mobile Plans and Messaging apps | Both apps are still supported, but are now distributed in a different way. OEMs can now include these apps in Windows images for cellular enabled devices.  The apps are removed for non-cellular devices.| 2004 |
 | PNRP APIs| The Peer Name Resolution Protocol (PNRP) cloud service was removed in Windows 10, version 1809. We are planning to complete the removal process by removing the corresponding APIs.  | 1909 |
 | Taskbar settings roaming | Roaming of taskbar settings is removed in this release. This feature was announced as no longer being developed in Windows 10, version 1903. | 1909 |
 | Desktop messaging app doesn't offer messages sync |  The messaging app on Desktop has a sync feature that can be used to sync SMS text messages received from Windows Mobile and keep a copy of them on the Desktop. The sync feature has been removed from all devices. Due to this change, you will only be able to access messages from the device that received the message.  | 1903 |
--- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.md
+++ b/windows/deployment/planning/windows-to-go-frequently-asked-questions.md
@ -22,8 +22,8 @@ ms.topic: article

 -   Windows 10

->[!IMPORTANT]
->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
+> [!IMPORTANT]
+> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.

 The following list identifies some commonly asked questions about Windows To Go.

--- a/windows/deployment/planning/windows-to-go-overview.md
+++ b/windows/deployment/planning/windows-to-go-overview.md
@ -23,7 +23,7 @@ ms.topic: article
 - Windows 10

 > [!IMPORTANT]
-> Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
+> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.

 Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs.

--- a/windows/deployment/update/create-deployment-plan.md
+++ b/windows/deployment/update/create-deployment-plan.md
@ -0,0 +1,140 @@
+---
+title: Create a deployment plan
+description: Devise the number of deployment rings you need and how you want to populate them
+ms.prod: w10
+ms.mktglfcycl: manage
+author: jaimeo
+ms.localizationpriority: medium
+ms.author: jaimeo
+ms.reviewer: 
+manager: laurawi
+ms.topic: article
+---
+
+# Create a deployment plan
+
+A service management mindset means that the devices in your organization fall into a continuum, with the software update process being constantly planned, deployed, monitored, and optimized. And once this process is used for feature updates, quality updates become a lightweight procedure that is simple and fast to execute, ultimately increasing velocity.
+
+When you move to a service management model, you need effective ways of rolling out updates to representative groups of devices, and we’ve found that ring-based deployment is a methodology that works well for us at Microsoft and many other organizations across the globe. Deployment rings in Windows 10 are similar to the deployment groups most organizations constructed for previous major revision upgrades--they are simply a method by which to separate devices into a deployment timeline.
+
+At the highest level, each “ring” comprise a group of users or devices that receive a particular update concurrently. For each ring, IT administrators set criteria to control deferral time or adoption (completion) that should be met before deployment to the next broader ring of devices or users can occur.
+
+A common ring structure comprises three deployment groups:
+
+- Preview: Planning and development
+- Limited: Pilot and validation
+- Broad: Wide deployment
+
+> [!NOTE]
+> Organizations often use different names for their “rings," for example:
+> - First > Fast > Broad
+> - Canaries > Early Adopters > Users
+> - Preview > Broad > Critical
+
+
+## How many rings should I have?
+
+There are no definite rules for exactly how many rings to have for your deployments. As mentioned previously, you might want to ensure zero downtime for mission-critical devices by putting them in their own ring. If you have a large
+organization, you might want to consider assigning devices to rings based on geographic location or the size of rings so that helpdesk resources are more available. Consider the needs of your business and introduce rings that make sense for your organization.
+
+## Advancing between rings
+
+There are basically two strategies for moving deployments from one ring to the next. One is service based, the other project based.
+
+- "Red button" (service based): Assumes that content is good until proven bad. Content flows until an issue is discovered, at which point the IT administrator presses the “red button” to stop further distribution.
+- Green button (project based): Assumes that content is bad until proven good. Once all validation has passed, the IT administrator presses the “green button” to push the content to the next ring.
+
+When it comes to deployments, having manual steps in the process usually impedes update velocity, so a "red button" strategy is better when that is your goal. 
+
+## Preview ring
+
+The purpose of the Preview ring is to evaluate the new features of the update. This is specifically *not* for broad parts of the organization but is limited to the people who are responsible for knowing what is coming next,
+generally IT administrators. Ultimately, this is the time the design and planning work happens so that when the public update is actually shipped, you can have greater confidence in the update.
+
+> [!NOTE]
+> Being part of the [Windows Insider Program](https://insider.windows.com/for-business/) gives you early access to Windows releases so that you can use Insider Preview builds in your Preview ring to validate your apps and infrastructure, preparing you for public Windows releases. 
+
+
+### Who goes in the Preview ring?
+
+The Preview ring users are the most tech savvy and resilient people, who will not lose productivity if something goes wrong. In general, these are IT pros, and perhaps a few people in the business organization.
+
+During your plan and prepare phases, these are the activities you should focus on:
+
+- Work with Windows Insider Preview builds.
+- Identify the features and functionality your organization can or wants to use.
+- Establish who will use the features and how they will benefit.
+- Understand why you are putting the update out.
+- Plan for usage feedback.
+
+Remember, you are working with pre-release software in the Preview ring and you will be evaluating features and testing the update for a targeted release.
+
+> [!IMPORTANT]
+> If you are using Windows Insider (pre-release) releases for your preview ring and you are using WSUS or Windows Update for Business, be sure to set the following policies to allow for Preview builds:
+> - **Manage Preview Builds: 2 - Enable preview builds**
+> • Under **Branch Readiness Level**, select **When Preview Builds and Feature Updates are Received: 4--Windows Insider Program Slow**
+
+## Limited ring
+
+The purpose of the Limited ring is to validate the update on representative devices across the network. During this period, data, and feedback is generated to enable the decision to move forward to broader deployment. Desktop
+Analytics can help with defining a good Limited ring of representative devices and assist in monitoring the deployment.
+
+### Who goes in the Limited ring?
+
+The most important part of this phase is finding a representative sample of devices and applications across your network. If possible, all hardware and all applications should be represented, and it's important that the people selected for this ring are using their devices regularly in order to generate the data you will need to make a decision for broader deployment across your organization. The IT department, lab devices, and users with the most cutting-edge hardware usually don’t have the applications or device drivers that are truly a representative sample of your network.
+
+
+During your pilot and validate phases, these are the activities you should focus on:
+
+- Deploy new innovations.
+- Assess and act if issues are encountered.
+- Move forward unless blocked.
+
+When you deploy to the Limited ring, you’ll be able to gather data and react to incidents happening in the environment, quickly addressing any issues that might arise. Ensure you monitor for sufficient adoption within this ring, because your Limited ring represents your organization across the board, and when you achieve sufficient adoption, you can have confidence that your broader deployment will run more smoothly.
+
+## Broad deployment
+
+Once the devices in the Limited ring have had a sufficient stabilization period, it’s time for broad deployment across the network.
+
+### Who goes in the Broad deployment ring?
+
+In most businesses, the Broad ring includes the rest of your organization. Because of the work in the previous ring to vet stability and minimize disruption (with diagnostic data to support your decision) broad deployment can occur relatively quickly.
+
+> [!NOTE]
+> In some instances, you might hold back on mission critical devices (such as medical devices) until deployment in the Broad ring is complete. Get best practices and recommendations for deploying Windows 10 feature
+> updates to mission critical devices.
+
+During the broad deployment phase, these are the activities you should focus on:
+
+- Deploy to all devices in the organization.
+- Work through any final unusual issues that were not detected in your Limited ring.
+
+
+## Ring deployment planning
+
+Previously, we have provided methods for analyzing your deployments, but these have generally been standalone tools to assess, manage and execute deployments. In other words, you would generate an analysis, make a deployment strategy, and then move to your console for implementation, repeating these steps for each deployment. We have combined many of these tasks, and more, into a single interface with Desktop Analytics.
+
+
+[Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/overview) is a cloud-based service and a key tool in [Microsoft Endpoint Manager](https://docs.microsoft.com/mem/configmgr/core/understand/microsoft-endpoint-manager-faq). Using artificial intelligence and machine learning, Desktop Analytics is a powerful tool to give you insights and intelligence to
+make informed decisions about the readiness of your Windows devices.
+
+In Windows 10 deployments, we have seen compatibility issues on < 0.5% of apps when using Desktop Analytics. Using Desktop Analytics with Microsoft Endpoint Manager can help you assess app compatibility with the latest
+feature update and create groups that represent the broadest number of hardware and software configurations on the smallest set of devices across your organization. In addition, Desktop Analytics can provide you with a device and software inventory and identify issues, giving you data that equate to actionable decisions.
+
+> [!IMPORTANT]
+> Desktop Analytics does not support preview (Windows Insider) builds; use Configuration Manager to deploy to your Preview ring. As noted previously, the Preview ring is a small group of devices represents your ecosystem very well in terms of app, driver, and hardware diversity.
+
+### Deployment plan options
+
+There are two ways to implement a ring deployment plan, depending on how you manage your devices:
+
+- If you are using Configuration Manager: Desktop Analytics provides end-to-end deployment plan integration so that you can also kick off phased deployments within a ring. Learn more about [deployment plans in Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/about-deployment-plans).
+- If you are using Microsoft Intune, see [Create deployment plans directly in Intune](https://docs.microsoft.com/mem/intune/fundamentals/planning-guide).
+
+For more about Desktop Analytics, see these articles:
+
+- [How to set up Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/set-up)
+- [Tutorial: Deploy Windows 10 to Pilot](https://docs.microsoft.com/mem/configmgr/desktop-analytics/tutorial-windows10)
+- [Desktop Analytics documentation](https://docs.microsoft.com/mem/configmgr/desktop-analytics/overview)
+- [Intune deployment planning, design, and implementation guide](https://docs.microsoft.com/mem/intune/fundamentals/planning-guide)
+
--- a/windows/deployment/update/deploy-updates-configmgr.md
+++ b/windows/deployment/update/deploy-updates-configmgr.md
@ -0,0 +1,20 @@
+---
+title: Deploy Windows 10 updates with Configuration Manager (Windows 10)
+description: Deploy Windows 10 updates with Configuration Manager
+ms.prod: w10
+ms.mktglfcycl: manage
+author: jaimeo
+ms.localizationpriority: medium
+ms.author: jaimeo
+ms.reviewer: 
+manager: laurawi
+ms.topic: article
+---
+
+# Deploy Windows 10 updates with Configuration Manager
+
+**Applies to**
+
+- Windows 10
+
+See the Microsoft Endpoint Configuration Manager [documentation](https://docs.microsoft.com/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) for details about using Configuration Manager to deploy and manage Windows 10 updates.
--- a/windows/deployment/update/eval-infra-tools.md
+++ b/windows/deployment/update/eval-infra-tools.md
@ -0,0 +1,71 @@
+---
+title: Evaluate infrastructure and tools
+ms.reviewer: 
+manager: laurawi
+description: 
+keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
+ms.prod: w10
+ms.mktglfcycl: manage
+audience: itpro
+author: jaimeo
+ms.localizationpriority: medium
+ms.audience: itpro
+author: jaimeo
+ms.topic: article
+ms.collection: M365-modern-desktop
+---
+
+# Evaluate infrastructure and tools
+
+Before you deploy an update, it's best to assess your deployment infrastucture (that is, tools such as Configuration Manager, Microsoft Intune, or similar) and current configurations (such as security baselines, administrative templates, and policies that affect updates). Then, set some criteria to define your operational readiness.
+
+## Infrastructure
+
+Do your deployment tools need updates?
+
+- If you use Configuration Manager, is it on the Current Branch with the latest release installed. This ensures that it supports the next Windows 10 feature update. Configuration Manager releases are supported for 18 months.
+- Using a cloud-based management tool like Microsoft Intune reduces support challenges, since no related products need to be updated.
+- If you use a non-Microsoft tool, check with its product support to make sure you're using the current version and that it supports the next Windows 10 feature update.
+
+Rely on your experiences and data from previous deployments to help you judge how long infrastructure changes take and identify any problems you've encountered while doing so.
+
+## Device settings
+
+Make sure your security basline, administrative templates, and policies have the right settings to support your devices once the new Windows 10 update is installed.
+
+### Security baseline
+
+Keep security baslines current to help ensure that your environment is secure and that new security feature in the coming Windows 10 update are set properly.
+
+- **Microsoft security baselines**: You should implement security baselines from Microsoft. They are included in the [Security Compliance Toolkit](https://www.microsoft.com/download/details.aspx?id=55319), along with tools for managing them. 
+- **Industry- or region-specific baselines**: Your specific industry or region might have particular baselines that you must follow per regulations. Ensure that any new baselines support the version of Windows 10 you are about to deploy.
+
+### Configuration updates
+
+There are a number of Windows policies (set by Group Policy, Intune, or other methods) that affect when Windows updates are installed, deferral, end-user experience, and many other aspects. Check these policies to make sure they are set appropriately.
+
+- **Windows 10 Administrative templates**: Each Windows 10 feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 10, version 1909](https://www.microsoft.com/download/100591).
+- **Policies for update compliance and end-user experience**: A number of settings affect when a device installs updates, whether and for how long a user can defer an update, restart behavior after installation, and many other aspects of update behavior. It's especially important to look for existing policies that are out of date or could conflict with new ones. 
+
+
+## Define operational readiness criteria
+
+When you’ve deployed an update, you’ll need to make sure the update isn’t introducing new operational issues. And you’ll also ensure that if incidents arise, the needed documentation and processes are available. To achieve this, work with your operations and support team to define acceptable trends and what documents or processes require updating:
+
+- **Call trend**: Define what percentage increase in calls relating to Windows 10 feature updates are acceptable or can be supported.
+- **Incident trend**: Define what percentage of increase in calls asking for support relating to Windows 10 feature updates are acceptable or can be supported.
+- **Support documentation**: Review supporting documentation that requires an update to support new infrastructure tooling or configuration as part of the Windows 10 feature update.
+- **Process changes:** Define and update any processes that will change as a result of the Windows 10 feature update.
+
+Your operations and support staff can help you determine if the appropriate information is being tracked at the moment. If it isn't, work out how to get get this information so you can gain the right insight. 
+
+## Tasks
+
+Finally, you can begin to carry out the work needed to ensure your infrastructure and configuration can support the update. To help you keep track, you can classify the work into the following overarching tasks:
+
+- **Review infrastructure requirements**: Go over the details of requirements to support the update, and ensure they’ve all been defined.
+- **Validate infrastructure against requirements**: Compare your infrastructure against the requirements that have been identified for the update.
+- **Define infrastructure update plan**: Detail how your infrastructure must change to support the update.
+- **Review current support volume**: Understand the current support volume to understand how much of an effect the update has when it’s been deployed.
+- **Identify gaps that require attention**: Identify issues that will need to be addressed to successfully deploy the update. For example, will your infrastructure engineer have to research how a new feature that comes with the update might affect the infrastructure?
+- **Define operational update plan**: Detail how your operational services and processes must change to support the update.
--- a/windows/deployment/update/images/DO-absolute-bandwidth.png
+++ b/windows/deployment/update/images/DO-absolute-bandwidth.png
--- a/windows/deployment/update/images/annual-calendar.png
+++ b/windows/deployment/update/images/annual-calendar.png
--- a/windows/deployment/update/images/rapid-calendar.png
+++ b/windows/deployment/update/images/rapid-calendar.png
--- a/windows/deployment/update/media-dynamic-update.md
+++ b/windows/deployment/update/media-dynamic-update.md
@ -42,7 +42,7 @@ You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https

 ![Table with columns labeled Title, Products, Classification, Last Updated, Version, and Size and four rows listing various dynamic updates and associated KB articles](images/update-catalog.png)

-The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the s. And you'll need to check various parts of the results to be sure you've identified the needed files. This table shows in <em>bold</em> the key items to search for or look for in the results. For example, to find the relevant "Setup Dynamic Update," you'll have to check the detailed description for the download by selecting the link in the **Title** column of the search results.
+The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the updates. And you'll need to check various parts of the results to be sure you've identified the needed files. This table shows in <em>bold</em> the key items to search for or look for in the results. For example, to find the relevant "Setup Dynamic Update," you'll have to check the detailed description for the download by selecting the link in the **Title** column of the search results.


 |To find this Dynamic Update packages, search for or check the results here-->  |Title  |Product  |Description (select the **Title** link to see **Details**)  |
--- a/windows/deployment/update/plan-define-readiness.md
+++ b/windows/deployment/update/plan-define-readiness.md
@ -0,0 +1,115 @@
+---
+title: Define readiness criteria
+ms.reviewer: 
+manager: laurawi
+description: Identify important roles and figure out how to classify apps
+keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
+ms.prod: w10
+ms.mktglfcycl: manage
+audience: itpro
+author: jaimeo
+ms.localizationpriority: medium
+ms.audience: itpro
+author: jaimeo
+ms.topic: article
+ms.collection: M365-modern-desktop
+---
+
+# Define readiness criteria
+
+## Figure out roles and personnel
+
+Planning and managing a deployment involves a variety of distinct activies and roles best suited to each. As you plan, it's worth figuring out which roles you'll need to carry out the deployment and who should fill them. Different roles are active at various phases of a deployment. Depending on the size and complexity of your organization, some of the roles could be filled by the same person. However, it's best to have an established *process manager*, who will oversee all of the tasks for the deployment.
+
+### Process manager
+
+The process manager leads the update deployment process and has the authority to push the process forward--or halt it if necessary. They also have responsibilities in organizing these activities:
+
+
+|Compatibility workstream  |Deployment  |Capability and modernization  |
+|---------|---------|---------|
+|[Assigning application priority](#set-criteria-for-rating-apps)     |  Reviewing infrastructure requirements       | Determining infrastructure changes        |
+|Application assessment     | Validating infrastructure against requirements        | Determining configuration changes        |
+|Device assessment     |  Creating infrastructure update plan       | Create capability proposal        |
+
+It's the process manager's role to collect reports on remediation efforts, escalate failures, and to decide whether your environment is ready for pilot deployment and then broad deployment.
+
+
+This table sketches out one view of the other roles, with their responsibilities, relevant skills, and the deployment phases where they are needed:
+
+
+|Role  |Responsibilities  |Skills  |Active phases  |
+|---------|---------|---------|---------|
+|Process manager     | Manages the process end to end; ensures inputs and outputs are captures; ensures that activities progress        | IT service management        | Plan, prepare, pilot deployment, broad deployment        |
+|Application owner     | Define application test plan; assign user acceptance testers; certify the application         | Knowledge of critical and important applications        | Plan, prepare, pilot deployment        |
+|Application developer     | Ensure apps are developed to stay compatible with current Windows versions        | Application development; application remediation        | Plan, prepare        |
+|End-user computing     | Typically a group including infrastructure engineers or deployment engineers who ensure upgrade tools are compatible with Windows        | Bare-metal deployment; infrastructure management; application delivery; update management        | Plan, prepare, pilot deployment, broad deployment        |
+|Operations     | Ensure that support is available for current Windows version. Provide post-deployment support, including user communication and rollbacks.        | Platform security        | Prepare, pilot deployment, broad deployment        |
+|Security     | Review and approve the security baseline and tools        | Platform security        | Prepare, pilot deployment        |
+|Stakeholders     | Represent groups affected by updates, for example, heads of finance, end-user services, or change management        | Key decision maker for a business unit or department        | Plan, pilot deployment, broad deployment        |
+
+
+
+
+
+
+## Set criteria for rating apps
+
+Some apps in your environment are fundamental to your core business activities. Other apps help workers perform their roles, but aren’t critical to your business operations. Before you start inventorying and assessing the apps in your environment, you should establish some criteria for categorizing your apps, and then determine a priority for each. This will help you understand how best to deploy updates and how to resolve any issues that could arise.
+
+In the Prepare phase, you'll apply the criteria you define now to every app in your organization.
+
+Here's a suggested classification scheme:
+
+
+|Classification  |Definition|
+|---------|---------|
+|Critical     | The most vital applications that handle core business activities and processes. If these applications were not available, the business, or a business unit, couldn't function at all. |
+|Important     | Applications that individual staff members need to support their productivity. Downtime here would affect individual users, but would only have a minimal impact on the business.       |
+|Not important   | There is no impact on the business if these apps are not available for a while.        |
+
+Once you have classified your applications, you should agree what each classification means to the organization in terms of priority and severity. This will help ensure that you can triage problems with the right level of urgency. You should assign each app a time-based priority.
+
+Here's an example priority rating system; of course the specifics could vary for your organization:
+
+
+|Priority  |Definition  |
+|---------|---------|
+|1        | Any issues or risks identified must be investigated and resolved as soon as possible.        |
+|2     | Start investigating risks and issues within two business days and fix them *during* the current deployment cycle.    |
+|3     | Start investigating risks and issues within 10 business days. You don’t have to fix them all within the current deployment cycle. However, all issues must be fixed by the end of the next deployment cycle.        |
+|4     | Start investigating risks and issues within 20 business days. You can fix them in the current or any future development cycle.        |
+
+Related to priority, but distinct, is the concept of severity. You should define a severity ranking as well, based on how you feel a problem with an app should affect the deployment cycle.
+
+Here's an example:
+
+
+|Severity  |Effect  |
+|---------|---------|
+|1     | Work stoppage or loss of revenue        |
+|2     | Productivity loss for a business unit        |
+|3     | Productivity loss for individual users         |
+|4     | Minimal impact on users        |
+
+## Example: a large financial corporation
+
+Using the suggested scheme, a financial corporation might classify their apps like this:
+
+
+|App  |Classification  |
+|---------|---------|
+|Credit processing app     | Critical        |
+|Frontline customer service app     |  Critical       |
+|PDF viewer     | Important        |
+|Image processing app     | Not important        |
+
+Further, they might combine this classification with severity and priority rankings like this:
+
+
+|Classification  |Severity  |Priority  |Response  |
+|---------|---------|---------|---------|
+|Critical     |  1 or 2       |  1 or 2       | For 1, stop deployment until resolved; for 2, stop deployment for affected devices or users only.       |
+|Important     | 3 or 4        |  3 or 4       | For 3, continue deployment, even for affected devices, as long as there is workaround guidance.        |
+|Not important     |   4      | 4        |  Continue deployment for all devices.       |
+
--- a/windows/deployment/update/plan-determine-app-readiness.md
+++ b/windows/deployment/update/plan-determine-app-readiness.md
@ -0,0 +1,76 @@
+---
+title: Determine application readiness
+ms.reviewer: 
+manager: laurawi
+description: How to test your apps to know which need attention prior to deploying an update
+keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
+ms.prod: w10
+ms.mktglfcycl: manage
+audience: itpro
+author: jaimeo
+ms.localizationpriority: medium
+ms.audience: itpro
+author: jaimeo
+ms.topic: article
+ms.collection: M365-modern-desktop
+---
+
+# Determine application readiness
+
+Before you deploy a Windows 10 update, you should know which apps will continue to work without problems, which need their own updates, and which just won't work and must be replaced. If you haven't already, it's worth [classifying your apps]<link to plan-define-readiness> with respect to their criticality in your organization.
+
+## Validation methods
+
+You can choose from a variety of methods to validate apps. Exactly which ones to use will depend on the specifics of your environment.
+
+
+|Validation method  |Description  |
+|---------|---------|
+|Full regression     | A full quality assurance probing. Staff who know the application very well and can validate its core functionality should do this.        |
+|Smoke testing     | The application goes through formal validation. That is, a user validates the application following a detailed plan, ideally with limited, or no knowledge of the application they’re validating.        |
+|Automated testing     |  Software performs tests automatically. The software will let you know whether the tests have passed or failed, and will provide detailed reporting for you automatically.    |
+|Test in pilot     | You pre-select users to be in the pilot deployment group and carry out the same tasks they do on a day-to-day basis to validate the application. Normally you use this method in addition to one of the other validation types.        |
+|Reactive response     | Applications are validated in late pilot, and no specific users are selected. These are normally applications aren't installed on many devices and aren’t handled by enterprise application distribution.        |
+
+Combining the various validation methods with the app classifications you've previously established might look like this:
+
+
+|Validation method  |Critical apps  |Important apps  |Not important apps  |
+|---------|---------|---------|---------|
+|Full regression     | x        |         |         |
+|Smoke testing     |         | x        |         |
+|Automated testing     |  x       |   x      |  x       |
+|Test in pilot     |  x       |  x       |  x       |
+
+
+## Identify users
+
+Since your organization no doubt has a wide variety of users, each with different background and regular tasks, you'll have to choose which users are best suited for validation testing. Some factors to consider include:
+
+- **Location**: If users are in different physical locations, can you support them and get validation feedback from the region they're in?
+- **Application knowledge**: Do the users have appropriate knowledge of how the app is supposed to work?
+- **Technical ability**: Do the users have enough technical competence to provide useful feedback from various test scenarios?
+
+You could seek volunteers who enjoy working with new features and include them in the pilot deployment. You might want to avoid using core users like department heads or project managers. Current application owners, operations personnel, and developers can help you identify the most appropriate pilot users.
+
+## Identify and set up devices for validation
+
+In addition to users, it's important to carefully choose devices to participate in app validation as well. For example, ideally, your selection will include devices representing all of the hardware models in your environment.
+
+There is more than one way to choose devices for app validation:
+
+- **Existing pilot devices**: You might already have a list of devices that you regularly use for testing updates as part of release cycles.
+- **Manual selection**: Some internal groups like operations will have expertise to help choose devices manually based on specifications, usage, or records of past support problems.
+- **Data-driven analysis**: With appropriate tools, you can use diagnostic data from devices to inform your choices.
+
+
+## Desktop Analytics
+
+Desktop Analytics can make all of the tasks discussed in this article significantly easier:
+
+- Creating and maintaining an application and device inventory
+- Assign owners to applications for testing
+- Automatically apply your app classifications (critical, important, not important)
+- Automatically identify application compatibility risks and provide recommendations for reducing those risks
+
+For more information, see [What is Desktop Analytics?](https://docs.microsoft.com/mem/configmgr/desktop-analytics/overview)
--- a/windows/deployment/update/update-policies.md
+++ b/windows/deployment/update/update-policies.md
@ -0,0 +1,204 @@
+---
+title: Policies for update compliance, activity, and end-user experience
+ms.reviewer: 
+manager: laurawi
+description: 
+keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
+ms.prod: w10
+ms.mktglfcycl: manage
+audience: itpro
+author: jaimeo
+ms.localizationpriority: medium
+ms.audience: itpro
+author: jaimeo
+ms.topic: article
+ms.collection: M365-modern-desktop
+---
+
+# Policies for update compliance, activity, and end-user experience
+Keeping devices up to date is the best way to keep them working smoothly and securely. 
+
+## Deadlines for update compliance
+
+You can control how strictly devices must reliably keep to your desired update schedule by using update deadline policies. Windows components adapt based on these deadlines. Also, they can make tradeoffs between user experience and velocity in order to meet your desired update deadlines. For example, they can prioritize user experience well before the
+deadline approaches, and then prioritize velocity as the deadline nears, while still affording the user some control.
+
+### Deadlines
+
+Beginning with Windows 10, version 1903 and with the August 2019 security update for Windows 10, version 1709
+and late, a new policy was introduced to replace older deadline-like policies: **Specify deadlines for automatic updates and restarts**.
+
+The older policies started enforcing deadlines once the device reached a “restart pending” state for
+an update. The new policy starts the countdown for the update installation deadline from when the
+update is published plus any deferral. In addition, this policy includes a configurable grace period and the option
+to opt out of automatic restarts until the deadline is reached (although we recommend always allowing automatic
+restarts for maximum update velocity).
+
+> [!IMPORTANT]
+> If you use the new **Specify deadlines for automatic updates and restarts** setting in Windows 10,
+> version 1903, you must disable the [older deadline policies](wufb-compliancedeadlines.md#prior-to-windows-10-version-1709) because they could conflict.
+
+We recommend you set deadlines as follows:
+- Quality update deadline, in days: 3
+- Feature update deadline, in days: 7
+- 
+Notifications are automatically presented to the user at appropriate times, and users can choose to be reminded
+later, to reschedule, or to restart immediately, depending on how close the deadline is. We recommend that you
+do **not** set any notification policies, because they are automatically configured with appropriate defaults. An exception is if you
+have kiosks or digital signage.
+
+While three days for quality updates and seven days for feature updates is our recommendation, you might decide
+you want more or less, depending on your organization and its requirements, and this policy is configurable down
+to a minimum of two days.
+
+
+> [!IMPORTANT]
+> If the device is unable to reach the Internet, it can't determine when Microsoft
+> published the update, so it won't be able to enforce the deadline. Learn more about [low activity devices](#device-activity-policies).
+
+### Grace periods
+
+You can set a period of days for Windows to find a minimally disruptive automatic restart time before the restart is enforced. This
+is especially useful in cases where a user has been away for many days (for example, on vacation) so that the device will not
+be forced to update immediately when the user returns.
+
+We recommend you set the following:
+
+- Grace period, in days: 2
+
+Once the deadline and grace period have passed, updates are applied automatically, and a restart occurs
+regardless of [active hours](#active-hours).
+
+
+### Let Windows choose when to restart
+
+Windows can use user interactions to dynamically identify the least disruptive time for an
+automatic restart. To take advantage of this feature, ensure **ConfigureDeadlineNoAutoReboot** is set to
+**Disabled**.
+
+## Device activity policies
+
+Windows typically requires that a device is active and connected to the internet for at least six hours, with at least two
+of continuous activity, in order to successfully complete a system update. The device could have other
+physical circumstances that prevent successful installation of an update--for example, if a laptop is running low
+on battery power, or the user has shut down the device before active hours end and the device cannot comply
+with the deadline.
+
+You can use the settings in this section to ensure that devices are actually available to install updates during the update compliance period.
+
+### Active hours
+
+"Active hours" identify the period of time when a device is expected to be in use. Normally, restarts will occur outside of
+these hours. Windows 10, version 1903 introduced "intelligent active hours," which allow the system to learn active hours based on a user’s activities, rather than you as an administrator having to make decisions for your organization or allowing the user to choose active hours that minimize the period when the system can install an update.
+
+> [!IMPORTANT]
+> If you used the **Configure Active Hours** setting in previous versions of Windows 10, these
+options must be **Disabled** in order to take advantage of intelligent active hours.
+
+If you do set active hours, we recommend setting the following policies to **Disabled** in order to increase update
+velocity:
+
+- [Delay automatic reboot](waas-restart.md#delay-automatic-reboot). While it’s possible to set the system to delay restarts for users who are logged
+in, this might delay an update indefinitely if a user is always either logged in or shut down. Instead, we
+recommend setting the following polices to **Disabled**:
+    - **Turn off auto-restart during active hours**
+    - **No auto-restart with logged on users for scheduled automatic updates**
+
+    - [Limit restart delays](waas-restart.md#limit-restart-delays). By using compliance deadlines, your users will receive notifications that
+updates will occur, so we recommend that you set this policy to **Disabled**, to allow compliance deadlines to eliminate the user’s ability to delay a restart outside of compliance deadline settings.
+
+- **Do not allow users to approve updates and reboots**. Letting users approve or engage with the update process outside of the deadline policies decreases update velocity and increases risk. These policies should be set to **Disabled**:
+    - [Update/RequireUpdateApproval](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-requireupdateapproval)
+    - [Update/EngagedRestartDeadline](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-engagedrestartdeadline)
+    - [Update/EngagedRestartDeadlineForFeatureUpdates](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-engagedrestartdeadlineforfeatureupdates)
+    - [Update/EngagedRestartSnoozeSchedule](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-engagedrestartsnoozeschedule)
+    - [Update/EngagedRestartSnoozeScheduleForFeatureUpdates](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-engagedrestartsnoozescheduleforfeatureupdates)
+    - [Update/EngagedRestartTransitionSchedule](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-engagedrestarttransitionschedule)
+
+- [Configure automatic update](waas-wu-settings.md#configure-automatic-updates). By properly setting policies to configure automatic updates, you can increase update velocity by having clients contact a Windows Server Update Services (WSUS) server so it can manage them. We recommend that you set this policy to **Disabled**. However, if you need to provide values, ensure that you set downloads to install automatically by setting the [Group Policy](waas-manage-updates-wsus.md#configure-automatic-updates-and-update-service-location) to **4**. If you’re using Microsoft Intune, setting the value to [Reset to Default](https://docs.microsoft.com/mem/intune/protect/windows-update-settings#user-experience-settings).
+- **Allow auto Windows Update to download over metered networks**. Since more and more devices primarily use cellular data and do not have wi-fi access, consider allowing users to automatically download updates from a metered network. Though the default setting does not allow download over a metered network, setting this value to **1** can increase velocity by enabling users to get updates whether they are connected to the internet or not, provided they have cellular service. 
+
+> [!IMPORTANT]
+> Older versions of Windows don't support intelligent active hours. If your device runs a version of Windows prior to Windows 10, version 1903, we recommend setting the following policies:
+>- [Configure active hours](waas-restart.md#configure-active-hours). Starting with Windows 10, version 1703, you can specify a maximum active-hour range which is counted from the active hours start time. We recommend setting
+this value to **10**.
+>- [Schedule update installation](waas-restart.md#schedule-update-installation). In the **Configure Automatic Updates** settings, there are two ways to control a forced restart after a specified installation time. If you use **schedule update installation**, do not enable both settings because they will most likely conflict.
+>    - **Specify automatic maintenance time**. This setting lets you set broader maintenance windows for updates and ensures that this schedule does not conflict with active hours. We
+recommend setting this value to **3** (corresponding to 3 AM). If 3:00 AM is in the middle of the work shift, pick another time that is at least a couple hours before your scheduled work time begins.
+>    - **Schedule the install time**. This setting allows you to schedule an installation time for a restart. We do *not* recommend you set this to **Disabled** as it could conflict with active hours. 
+
+### Power policies
+
+Devices must actually be available during non-active hours in order to an update. They can't do this if power policies prevent them from waking up. In our organization, we strive to set a balance between security and eco-friendly configurations. We recommend the following settings to achieve what we feel are the appropriate tradeoffs:
+
+To a user, a device is either on or off, but for Windows, there are states that will allow an update to occur (active) and states that do not (inactive). Some states are considered active (sleep), but the user may think the device is off. Also, there are power statuses (plugged in/battery) that Windows checks before starting an update.
+
+You can override the default settings and prevent users from changing them in order to ensure that devices are available for updates during non-active hours.
+
+> [!NOTE]
+> One way to ensure that devices can install updates when you need them to is to educate your users to keep devices plugged in during non-active hours. Even with the best policies, a device that isn't plugged in will not be updated, even in sleep mode.
+
+We recommend these power management settings:
+
+- Sleep mode (S1 or S0 Low Power Idle or [Modern Standby](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby)). When a device is in sleep mode, the system
+appears to be off but if an update is available, it can wake the device up in order to take an update. The
+power consumption in sleep mode is between working (system fully usable) and hibernate (S4 - lowest
+power level before shutdown). When a device is not being used, the system will generally move to sleep
+mode before it goes to hibernate. Issues in velocity arise when the time between sleep and hibernate is
+too short and Windows does not have time to complete an update. Sleep mode is an important setting
+because the system can wake the system from sleep in order to start the update process, as long as there
+is enough power.
+
+Set the following policies to **Enable** or **Do Not Configure** in order to allow the device to use sleep mode:
+- [Power/AllowStandbyStatesWhenSleepingOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#power-allowstandbystateswhensleepingonbattery)
+- [Power/AllowStandbyWhenSleepingPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#power-selectlidcloseactionpluggedin)
+
+Set the following policies to **1 (Sleep)** so that when a user closes the lid of a device, the system goes to
+sleep mode and the device has an opportunity to take an update:
+- [Power/SelectLidCloseActionOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#power-selectlidcloseactiononbattery)
+- [Power/SelectLidCloseActionPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#power-selectlidcloseactionpluggedin)
+
+- **Hibernate**. When a device is hibernating, power consumption is very low and the system cannot wake up
+without user intervention, like pressing the power button. If a device is in this state, it cannot be updated
+unless it supports an ACPI Time and Alarm Device (TAD). That said, if a device supporting Traditional Sleep
+(S3) is plugged in, and a Windows update is available, a hibernate state will be delayed until the update is complete.
+
+> [!NOTE]
+> This does not apply to devices that support Modern Standby (S0 Low Power Idle). You can check which system sleep state (S3 or S0 Low Power Idle) a device supports by running `powercfg /a` at a command prompt. For more, see [Powercfg options](https://docs.microsoft.com/windows-hardware/design/device-experiences/powercfg-command-line-options#option_availablesleepstates).
+
+The default timeout on devices that support traditional sleep is set to three hours. We recommend that you do not reduce these policies in order to allow Windows Update the opportunity to restart the device before sending it into hibernation:
+
+- [Power/HibernateTimeoutOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#power-hibernatetimeoutonbattery)
+- [Power/HibernateTimeoutPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#power-hibernatetimeoutpluggedin)
+
+## Old or conflicting policies
+
+Each release of Windows 10 can introduce new policies to make the experience better for both administrators and their organizations. When we release a new client policy, we either release it purely for that release and later or we backport the policy to make it available on earlier versions. 
+
+> [!IMPORTANT]
+> If you are using Group Policy, note that we don't update the old ADMX templates and you must use the newer (1903) ADMX template in order to use the newer policy. Also, if you are
+> using an MDM tool (Microsoft or non-Microsoft), you can't use the new policy until it's available in the tool interface.
+
+As administrators, you have set up and expect certain behaviors, so we expressly do not remove older policies since they were set up for your particular use cases. However, if you set a new policy without disabling a similar older policy, you could have conflicting behavior and updates might not perform as expected.
+
+> [!IMPORTANT] 
+> We sometimes find that administrators set devices to get both Group Policy settings and MDM settings from an MDM server such as Microsoft Intune. Policy conflicts are handled differently, depending on how they are ultimately set up:
+> - Windows updates: Group Policy settings take precedence over MDM.
+> - Microsoft Intune: If you set different values for the same policy on two different groups, you will
+> receive an alert and neither policy will be set until the conflict is resolved.
+> It is crucial that you disable conflicting policies in order for devices in your organization to take updates as
+> expected. For example, if a device is not reacting to your MDM policy changes, check to see if a similar
+> policy is set in Group Policy with a differing value.
+> If you find that update velocity is not as high as you expect or if some devices are slower than others, it might be
+> time to clear all polices and settings and specify only the recommended update policies. See the Policy and settings reference for a consolidated list of recommended polices.
+
+The following are policies that you might want to disable because they could decrease update velocity or there are better policies to use that might conflict:
+- **Defer Feature Updates Period in Days**. For maximum update velocity, it's best to set this to **0** (no
+deferral) so that the feature update can complete and monthly security updates will be offered again. Even if there is an urgent quality update that must be quickly deployed, it is best to use **Pause Feature
+Updates** rather than setting a deferral policy. You can choose a longer period if you don't want to stay up to date with the latest feature update.
+- **Defer Quality Updates Period in Days**. To minimize risk and maximize update velocity, the maximum time you might want to consider while evaluating the update with a different ring of devices is two to three days.
+- **Pause Feature Updates Start Time**. Set to **Disabled** unless there is a known issue requiring time for a resolution.
+- **Pause Quality Updates Start Time**. Set to **Disabled** unless there is a known issue requiring time for a resolution.
+- **Deadline No Auto Reboot**. Default is **Disabled – Set to 0** . We recommend that devices automatically try to restart when an update is received. Windows uses user interactions to dynamically identify the least disruptive time to restart.
+
+There are additional policies are no longer supported or have been superseded. 
--- a/windows/deployment/update/waas-configure-wufb.md
+++ b/windows/deployment/update/waas-configure-wufb.md
@ -99,9 +99,9 @@ In cases where the pause policy is first applied after the configured start date

 | Policy | Sets registry key under **HKLM\Software** |
 | --- | --- |
-| GPO for Windows 10, version 1607 and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** | **1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdates</br>**1703 and later:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdatesStartDate |
+| GPO for Windows 10, version 1607 and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** | **1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdates</br>**1703 and later:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdatesStartTime |
 | GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\Pause |
-| MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**PauseFeatureUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdates</br> **1703 and later:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdatesStartDate |
+| MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**PauseFeatureUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdates</br> **1703 and later:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdatesStartTime |
 | MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause |

 You can check the date that Feature Updates were paused by checking the registry key **PausedFeatureDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**. 
@ -223,10 +223,10 @@ The following are quick-reference tables of the supported policy values for Wind
 | BranchReadinessLevel	| REG_DWORD | 2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)</br> 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-annual Channel </br>32: systems take Feature Updates from Semi-annual Channel </br>Note: Other value or absent: receive all applicable updates |
 | DeferQualityUpdates | REG_DWORD | 1: defer quality updates</br>Other value or absent: don’t defer quality updates | 
 | DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
-| PauseQualityUpdatesStartDate | REG_DWORD | 1: pause quality updates</br>Other value or absent: don’t pause quality updates |
+| PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updates</br>Other value or absent: don’t pause quality updates |
 |DeferFeatureUpdates | REG_DWORD | 1: defer feature updates</br>Other value or absent: don’t defer feature updates |
 | DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: defer feature updates by given days |
-| PauseFeatureUpdatesStartDate | REG_DWORD |1: pause feature updates</br>Other value or absent: don’t pause feature updates |
+| PauseFeatureUpdatesStartTime | REG_DWORD |1: pause feature updates</br>Other value or absent: don’t pause feature updates |
 | ExcludeWUDriversInQualityUpdate | REG_DWORD | 1: exclude Windows Update drivers</br>Other value or absent: offer Windows Update drivers |


@ -236,9 +236,9 @@ The following are quick-reference tables of the supported policy values for Wind
 | --- | --- | --- |
 | BranchReadinessLevel | REG_DWORD |2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)</br> 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-annual Channel </br>32: systems take Feature Updates from Semi-annual Channel </br>Note: Other value or absent: receive all applicable updates |
 | DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
-| PauseQualityUpdatesStartDate | REG_DWORD | 1: pause quality updates</br>Other value or absent: don’t pause quality updates |
+| PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updates</br>Other value or absent: don’t pause quality updates |
 | DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: defer feature updates by given days |
-| PauseFeatureUpdatesStartDate | REG_DWORD | 1: pause feature updates</br>Other value or absent: don’t pause feature updates |
+| PauseFeatureUpdatesStartTime | REG_DWORD | 1: pause feature updates</br>Other value or absent: don’t pause feature updates |
 | ExcludeWUDriversinQualityUpdate | REG_DWORD | 1: exclude Windows Update drivers</br>Other value or absent: offer Windows Update drivers |

 ## Update devices to newer versions
--- a/windows/deployment/update/waas-delivery-optimization-reference.md
+++ b/windows/deployment/update/waas-delivery-optimization-reference.md
@ -119,7 +119,7 @@ Download mode dictates which download sources clients are allowed to use when do

 By default, peer sharing on clients using the group download mode is limited to the same domain in Windows 10, version 1511, and the same domain and Active Directory Domain Services site in Windows 10, version 1607. By using the Group ID setting, you can optionally create a custom group that contains devices that should participate in Delivery Optimization but do not fall within those domain or Active Directory Domain Services site boundaries, including devices in another domain. Using Group ID, you can further restrict the default group (for example, you could create a sub-group representing an office building), or extend the group beyond the domain, allowing devices in multiple domains in your organization to be peers. This setting requires the custom group to be specified as a GUID on each device that participates in the custom group.

-[//]: # (Configuration Manager Boundary Group option; GroupID Source policy)
+[//]: # (Configuration Manager boundary group option; GroupID Source policy)

 >[!NOTE]
 >To generate a GUID using Powershell, use [```[guid]::NewGuid()```](https://blogs.technet.microsoft.com/heyscriptingguy/2013/07/25/powertip-create-a-new-guid-by-using-powershell/)
--- a/windows/deployment/update/waas-delivery-optimization-setup.md
+++ b/windows/deployment/update/waas-delivery-optimization-setup.md
@ -35,6 +35,9 @@ Delivery Optimization offers a great many settings to fine-tune its behavior (se
 >[!NOTE]
 >These scenarios (and the recommended settings for each) are not mutually exclusive. It's possible that your deployment might involve more than one of these scenarios, in which case you can employ the related settings in any combination as needed. In all cases, however, "download mode" is the most important one to set.

+> [!NOTE]
+> Microsoft Intune includes a profile to make it easier to set Delivery Optimization policies. For details, see [Delivery Optimization settings for Intune](https://docs.microsoft.com/mem/intune/configuration/delivery-optimization-settings).
+
 Quick-reference table:

 | Use case | Policy | Recommended value | Reason |
@ -66,6 +69,9 @@ To do this in Group Policy go to **Configuration\Policies\Administrative Templat

 To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set **DODownloadMode** to **2**.

+> [!NOTE]
+> For more about using Delivery Optimization with Configuration Manager boundary groups, see [Delivery Optmization](https://docs.microsoft.com/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#delivery-optimization).
+

 ### Large number of mobile devices

@ -122,6 +128,8 @@ To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/**
 | PredefinedCallerApplication | Indicates the last caller that initiated a request for the file. |
 | ExpireOn | The target expiration date and time for the file. |
 | Pinned | A yes/no value indicating whether an item has been "pinned" in the cache (see `setDeliveryOptmizationStatus`). |
+
+Starting in Windows 10, version 2004, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of the connected peers.
 
 `Get-DeliveryOptimizationPerfSnap` returns a list of key performance data:

@ -139,7 +147,9 @@ Using the `-Verbose` option returns additional information:
 - Bytes from CDN (the number of bytes received over HTTP)
 - Average number of peer connections per download 

-Starting in Window 10, version 1903, `get-DeliveryOptimizationPerfSnap` has a new option `-CacheSummary` which provides a summary of the cache status.
+Starting in Windows 10, version 2004, `Get-DeliveryOptimizationPerfSnap` has a new option `-PeerInfo` which returns a real-time list of the connected peers.
+
+Starting in Windows 10, version 1903, `get-DeliveryOptimizationPerfSnap` has a new option `-CacheSummary` which provides a summary of the cache status.

 Starting in Windows 10, version 1803, `Get-DeliveryOptimizationPerfSnapThisMonth` returns data similar to that from `Get-DeliveryOptimizationPerfSnap` but limited to the current calendar month.

@ -166,6 +176,30 @@ You can now "pin" files to keep them persistent in the cache. You can only do th

 #### Work with Delivery Optimization logs

+**Starting in Windows 10, version 2004:**
+
+`Get-DeliveryOptimizationLogAnalysis [ETL Logfile path] [-ListConnections]`
+
+With no options, this cmdlet returns these data:
+
+- total number of files
+- number of foreground files
+- minimum file size for it to be cached
+- number of eligible files
+- number of files with peers
+- number of peering files [how different from the above?]
+- overall efficiency
+- efficiency in the peered files
+
+Using the `-ListConnections` option returns these detauls about peers:
+
+- destination IP address
+- peer type
+- status code
+- bytes sent
+- bytes received
+- file ID
+
 **Starting in Windows 10, version 1803:**

 `Get-DeliveryOptimizationLog [-Path <etl file path, supports wildcards>] [-Flush]`
--- a/windows/deployment/update/waas-delivery-optimization.md
+++ b/windows/deployment/update/waas-delivery-optimization.md
@ -32,6 +32,15 @@ Delivery Optimization is a cloud-managed solution. Access to the Delivery Optimi
 >[!NOTE]
 >WSUS can also use [BranchCache](waas-branchcache.md) for content sharing and caching. If Delivery Optimization is enabled on devices that use BranchCache, Delivery Optimization will be used instead. 

+## New in Windows 10, version 2004
+
+- Enterprise network throttling: new settings have been added in Group Policy and MDM to control foreground and background throttling as absolute values (Maximum Background Download Bandwidth in (in KB/s)). These settings are also available in the Windows user interface:
+
+![absolute bandwidth settings in delivery optimization interface](images/DO-absolute-bandwidth.png)
+
+- Activity Monitor now identifies the cache server used for as the source for Microsoft Connected Cache. For more information about using Microsoft Connected Cache with Configuration Manager, see [Microsoft Connected Cache](https://docs.microsoft.com/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#microsoft-connected-cache).
+
+
 ## Requirements

 The following table lists the minimum Windows 10 version that supports Delivery Optimization:
@ -54,11 +63,16 @@ The following table lists the minimum Windows 10 version that supports Delivery
 | Windows Defender definition updates | 1511 |
 | Office Click-to-Run updates | 1709 |
 | Win32 apps for Intune | 1709 |
+| Office installations and updates | 2004 |
+| Xbox game pass games | 2004 |
+| MSIX apps (HTTP downloads only) | 2004 |
 | Configuration Manager Express Updates | 1709 + Configuration Manager version 1711 |

-<!-- ### Network requirements
+> [!NOTE]
+> Starting with Configuration Manager version 1910, you can use Delivery Optimization for the distribution of all Windows update content for clients running Windows 10 version 1709 or newer, not just express installation files. For more, see [Delivery Optimization starting in version 1910](https://docs.microsoft.com/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#bkmk_DO-1910).
+
+

-{can you share with me what the network requirements are?}-->



@ -124,6 +138,30 @@ For the payloads (optional):

 **How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN?**: Starting in Windows 10, version 1903, Delivery Optimization uses LEDBAT to relieve such congestion. For more details see this post on the [Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-Transport-converges-on-two-Congestion-Providers-Cubic/ba-p/339819).

+**How does Delivery Optimization handle VPNs?**
+Delivery Optimization attempts to identify VPNs by checking the network adapter type and details and will treat the connection as a VPN if the adapter description contains certain keywords, such as "VPN" or "secure."
+
+If the connection is identified as a VPN, Delivery Optimization will not use any peer-to-peer activity. However, you can allow peer-to-peer activity over a VPN by using the [Enable Peer Caching while the device connects via VPN](waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn)	policy.
+
+If you have defined a boundary group in Configuration Manager and have for VPN IP ranges, you can set the DownloadMode policy to 0 for that boundary group to ensure that there will be no peer-to-peer activity over the VPN.
+
+With split tunnelling, it's best to exclude the boundary group for the VPN devices to exclude it from using peer-to-peer. (In this case, those devices won't get the policy and will default to using LAN.) If you're using split tunnelling, you should allow direct access for these endpoints:
+
+Delivery Optimization service endpoint:
+- `https://*.prod.do.dsp.mp.microsoft.com`
+
+Delivery Optimization metadata:
+- `http://emdl.ws.microsoft.com`
+- `http://*.dl.delivery.mp.microsoft.com`
+
+Windows Update and Microsoft Store backend services and Windows Update and Microsoft Store payloads
+
+- `http://*.windowsupdate.com`
+- `https://*.delivery.mp.microsoft.com`
+- `https://*.update.microsoft.com`
+- `https://tsfe.trafficshaping.dsp.mp.microsoft.com`
+
+For more information about this if you're using Configuration Manager, see this post on the [Configuration Manager blog](https://techcommunity.microsoft.com/t5/configuration-manager-blog/managing-patch-tuesday-with-configuration-manager-in-a-remote/ba-p/1269444).

 ## Troubleshooting

--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@ -1,5 +1,5 @@
 ---
-title: Deploy updates using Windows Update for Business (Windows 10)
+title: Windows Update for Business (Windows 10)
 ms.reviewer: 
 manager: laurawi
 description: Windows Update for Business lets you manage when devices received updates from Windows Update.
@ -11,24 +11,118 @@ ms.author: jaimeo
 ms.topic: article
 ---

-# Deploy updates using Windows Update for Business
+# What is Windows Update for Business?


 **Applies to**

 - Windows 10
- Windows Server 2016
- Windows Server 2019

-Windows Update for Business is a free service that is available for Windows Pro, Enterprise, Pro for Workstation, and Education editions. 
+
+Windows Update for Business is a free service that is available for all premium editions including Windows 10 Pro, Enterprise, Pro for Workstation, and Education editions. 

 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 


-
-Windows Update for Business enables IT administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service. You can use Group Policy or MDM solutions such as Microsoft Intune to configure the Windows Update for Business settings that control how and when Windows 10 devices are updated.
+Windows Update for Business enables IT administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service. You can use Group Policy or Mobile Device Management (MDM) solutions such as Microsoft Intune to configure the Windows Update for Business settings that control how and when Windows 10 devices are updated.
  
-Specifically, Windows Update for Business allows for control over update offering and experience to allow for reliability and performance testing on a subset of systems before rolling out updates across the organization as well as a positive update experience for those within your organization.
+Specifically, Windows Update for Business allows for control over update offerings and experiences to allow for reliability and performance testing on a subset of devices before deploying updates across the organization as well as a positive update experience for those in your organization.
+
+## What can I do with Windows Update for Business?
+
+Windows Update for Business enables commercial customers to manage which Windows Updates are received when as well as the experience a device has when it receives them.
+
+You can control Windows Update for Business policies by using either Mobile Device Management (MDM) tools such as Microsoft Intune or Group Policy management tools such as local group policy or the Group Policy Management Console (GPMC), as well as a variety of other non-Microsoft management tools. MDMs use Configuration Service Provider (CSP) policies instead of Group Policy. Intune additionally uses Cloud Policies. Not all policies are available in all formats (CSP, Group Policy, or Cloud policy).
+
+
+### Manage deployment of Windows Updates 
+By using Windows Update for Business, you can control which types of Windows Updates are offered to devices in your ecosystem, when updates are applied, and deployment to devices in your organization in waves.
+
+### Manage which updates are offered 
+Windows Update for Business enables an IT administrator to receive and manage a variety of different types of Windows Updates. 
+
+## Types of updates managed by Windows Update for Business
+
+Windows Update for Business provides management policies for several types of updates to Windows 10 devices:
+
+- **Feature updates:** Previously referred to as "upgrades," feature updates contain not only security and quality revisions, but also significant feature additions and changes. Feature updates are released semi-annually in the fall and in the spring.
+- **Quality updates:** These are traditional operating system updates, typically released on the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates. Windows Update for Business also treats non-Windows updates (such as those for Microsoft Office or Visual Studio) as quality updates. These non-Windows Updates are known as "Microsoft updates" and you can set devices to receive such updates (or not) along with their Windows updates.
+- **Driver updates:** These are non-Microsoft drivers that are applicable to your devices. Driver updates are on by default, but you can use Windows Update for Business policies to turn them off if you prefer. 
+- **Microsoft product updates**: These are updates for other Microsoft products, such as Office. Product updates are off by default. You can turn them on by using Windows Update for Business policies.
+
+
+## Offering
+You can control when updates are applied, for example by deferring when an update is installed on a device or by pausing updates for a certain period.
+
+### Manage when updates are offered
+You can defer or pause the installation of updates for a set period of time.
+
+#### Enroll in pre-release updates
+
+The branch readiness level enables administrators to specify which channel of feature updates they want to receive. Today there are branch readiness level options for both pre-release and released updates:
+
+- Windows Insider Fast
+- Windows Insider Slow
+- Windows Insider Release Preview
+- Semi-annual Channel
+
+Prior to Windows 10, version 1903, there are two channels for released updates: Semi-annual Channel and Semi-annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-annual Channel. All deferral days are calculated against a release’s Semi-annual Channel release date. For exact release dates, see [Windows Release Information](https://docs.microsoft.com/windows/release-information/). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. To use this policy to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
+
+#### Defer an update
+
+A Windows Update for Business administrator can defer the installation of both feature and quality updates from deploying to devices within a bounded range of time from when those updates are first made available on the Windows Update service. You can use this deferral to allow time to validate deployments as they are pushed to devices. Deferrals work by allowing you to specify the number of days after an update is released before it is offered to a device. That is, if you set a feature update deferral period of 365 days, the device will not install a feature update that has been released for less than 365 days. To defer feature updates use the **Select when Preview Builds and Feature Updates are Received** policy.
+
+
+|Category  |Maximum deferral period  |
+|---------|---------|
+|Feature updates     |  365 days       |
+|Quality updates     | 30 days        |
+|Non-deferrable     |   none      |
+
+<!--Example: Using deferrals to deploy in waves
+      [Insert graphic with the deferrals set to different values showing a feature update rollout)--> 
+
+#### Pause an update
+
+If you discover a problem while deploying a feature or quality update, the IT administrator can pause the update for 35 days from a specified start date to prevent other devices from installing it until the issue is mitigated.
+If you pause a feature update, quality updates are still offered to devices to ensure they stay secure. The pause period for both feature and quality updates is calculated from a start date that you set.
+
+To pause feature updates use the **Select when Preview Builds and Feature Updates are Received** policy and to pause quality updates use the **Select when Quality Updates are Received** policy. For more information, see [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates).
+
+Built in benefits:
+When updating from Windows Update you get the added benefits of built in compatibility checks to prevent against a poor update experience for your device as well as a check to prevent repeated rollbacks.
+
+### Recommendations
+
+For the best experience with Windows Update, follow these guidelines: 
+
+-	Use devices for at least 6 hours per month, including at least 2 hours of continuous use.
+-	Keep devices regularly charged. Plugging in devices overnight enables them to automatically update outside of active hours.
+-	Make sure that devices have at least 10 GB of free space.
+-	Give devices unobstructed access to the Windows Update service.
+
+### Manage the end-user experience when receiving Windows Updates
+
+Windows Update for Business provides controls to help meet your organization’s security standards as well as provide a great end-user experience. We do this by enabling you to set automatic updates at times that work well for those in your organization and set deadlines for quality and feature updates. Because Windows Update includes built-in intelligence, it's usually better to use fewer controls to manage the end-user experience. 
+
+#### Recommended experience settings
+
+Features like the smart busy check (which ensure updates don't happen when a user is signed in) and active hours help provide the best experience for end users while keeping devices more secure and up to date. Follow these steps to take advantage of these features:
+
+1.	Automatically download, install and restart (default if no restart policies are set up or enabled)
+2.	Use the default notifications 
+3.	Set update deadlines
+
+##### Setting deadlines 
+
+A compliance deadline policy (released in June 2019) enables you to set separate deadlines and grace periods for feature and quality updates. 
+
+This policy enables you to specify the number of days from an update's publication date that it must be installed on the device. The policy also includes a configurable grace period that specifies the number of days from when the update is installed on the device until the device is forced to restart. This is extremely beneficial in a vacation scenario as it allows, for example, users who have been away to have a bit of time before being forced to restart their devices when they return from vacation.
+
+
+
+
+<!--

 >[!NOTE]
 > To use Windows Update for Business, you must allow devices to access the Windows Update service.
@ -120,22 +214,6 @@ For more information about Update Compliance, see [Monitor Windows Updates using
 | ![done](images/checklistdone.png) | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) |
 | ![done](images/checklistdone.png) | Deploy updates using Windows Update for Business (this topic) </br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](waas-manage-updates-configuration-manager.md) |

-## Related topics
- [Update Windows 10 in the enterprise](index.md)
- [Overview of Windows as a service](waas-overview.md)
- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
- [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) 
- [Configure Windows Update for Business](waas-configure-wufb.md)
- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
- [Walkthrough: use Intune to configure Windows Update for Business](https://docs.microsoft.com/intune/windows-update-for-business-configure)
- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](waas-manage-updates-configuration-manager.md)
- [Manage device restarts after updates](waas-restart.md)
+


--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@ -46,7 +46,7 @@ Application compatibility testing has historically been a burden when approachin

 Most Windows 7–compatible desktop applications will be compatible with Windows 10 straight out of the box. Windows 10 achieved such high compatibility because the changes in the existing Win32 application programming interfaces were minimal.  Combined with valuable feedback via the Windows Insider Program and diagnostic data, this level of compatibility can be maintained through each feature update. As for websites, Windows 10 includes Internet Explorer 11 and its backward-compatibility modes for legacy websites. Finally, UWP apps follow a compatibility story similar to desktop applications, so most of them will be compatible with Windows 10. 

-For the most important business-critical applications, organizations should still perform testing on a regular basis to validate compatibility with new builds. For remaining applications, consider validating them as part of a pilot deployment process to reduce the time spent on compatibility testing. If it’s unclear whether an application is compatible with Windows 10, IT pros can either consult with the ISV or check the supported software directory at [http://www.readyforwindows.com](http://www.readyforwindows.com).
+For the most important business-critical applications, organizations should still perform testing on a regular basis to validate compatibility with new builds. For remaining applications, consider validating them as part of a pilot deployment process to reduce the time spent on compatibility testing. Desktop Analytics s a cloud-based service that integrates with Configuration Manager. The service provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows endpoints, including assessment of your existing applications. For more, see [Ready for modern desktop retirement FAQ](https://docs.microsoft.com/mem/configmgr/desktop-analytics/ready-for-windows).

 ### Device compatibility

--- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
@ -28,17 +28,17 @@ In the past, traditional Windows deployments tended to be large, lengthy, and ex

 Windows 10 spreads the traditional deployment effort of a Windows upgrade, which typically occurred every few years, over smaller, continuous updates. With this change, you must approach the ongoing deployment and servicing of Windows differently. A strong Windows 10 deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update. Here’s an example of what this process might look like:

- **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before they’re available to the Semi-Annual Channel. Typically, this would be a small number of test devices that IT staff members use to evaluate pre-releas builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program on a Windows 10 device.
+- **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before they’re available to the Semi-Annual Channel. Typically, this would be a small number of test devices that IT staff members use to evaluate pre-release builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program on a Windows 10 device.
 - **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the Semi-annual Channel can offer. For those machines, you must install Windows 10 Enterprise LTSB to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly. 
 - **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that you’re looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible.
 - **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download a .admx package and copy it to their [Central Store](https://support.microsoft.com/help/929841/how-to-create-the-central-store-for-group-policy-administrative-templa) (or to the [PolicyDefinitions](https://msdn.microsoft.com/library/bb530196.aspx) directory in the SYSVOL of a domain controller if not using a Central Store). Always manage new group polices from the version of Windows 10 they shipped with by using the Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra)
 - **Choose a servicing tool.** Decide which product you’ll use to manage the Windows updates in your environment. If you’re currently using Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager to manage your Windows updates, you can continue using those products to manage Windows 10 updates. Alternatively, you can use Windows Update for Business. In addition to which product you’ll use, consider how you’ll deliver the updates. With Windows 10, multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools).
 - **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those that are the most business critical. Because the expectation is that application compatibility with Windows 10 will be high, only the most business critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](../upgrade/manage-windows-upgrades-with-upgrade-readiness.md). 

->[!NOTE]
->This strategy is applicable to approaching an environment in which Windows 10 already exists. For information about how to deploy or upgrade to Windows 10 where another version of Windows exists, see [Plan for Windows 10 deployment](../planning/index.md).
+> [!NOTE]
+> This strategy is applicable to approaching an environment in which Windows 10 already exists. For information about how to deploy or upgrade to Windows 10 where another version of Windows exists, see [Plan for Windows 10 deployment](../planning/index.md).
 >
->>Windows 10 Enterprise LTSB is a separate Long Term Servicing Channel version.
+> Windows 10 Enterprise LTSB is a separate Long Term Servicing Channel version.

 Each time Microsoft releases a Windows 10 feature update, the IT department should use the following high-level process to help ensure that the broad deployment is successful:

--- a/windows/deployment/update/waas-wufb-csp-mdm.md
+++ b/windows/deployment/update/waas-wufb-csp-mdm.md
@ -0,0 +1,218 @@
+---
+title: Configure Windows Update for Business by using CSPs and MDM
+description: Walk-through demonstration of how to configure Windows Update for Business settings using Configuration Service Providers and MDM.
+ms.prod: w10
+ms.mktglfcycl: manage
+author: jaimeo
+ms.localizationpriority: medium
+ms.author: jaimeo
+ms.reviewer: 
+manager: laurawi
+ms.topic: article
+---
+
+# Walkthrough: Use CSPs and MDMs to configure Windows Update for Business
+
+
+**Applies to**
+
+- Windows 10
+
+> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
+
+
+## Overview 
+
+You can use Configuration Service Provider (CSP) policies to control how Windows Update for Business works by using a Mobile Device Management (MDM) tool. You should consider and devise a deployment strategy for updates before you make changes to the Windows Update for Business settings.
+ 
+An IT administrator can set policies for Windows Update for Business by using Microsoft Intune or a non-Microsoft MDM tool.
+
+To manage updates with Windows Update for Business, you should prepare with these steps, if you haven't already:
+
+- Create Active Directory security groups that align with the deployment rings you use to phase deployment of updates. See [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) to learn more about deployment rings in Windows 10.
+- Allow access to the Windows Update service.
+
+
+## Manage Windows Update offerings
+
+You can control when updates are applied, for example by deferring when an update is installed on a device or by pausing updates for a certain period of time.
+
+### Determine which updates you want offered to your devices
+
+Both Windows 10 feature and quality updates are automatically offered to devices that are connected to Windows Update using Windows Update for Business policies. However, you can choose whether you want the devices to additionally receive other Microsoft Updates or drivers that are applicable to that device.
+
+To enable Microsoft Updates use [Update/AllwMUUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowmuupdateservice).
+
+Drivers are automatically enabled because they are beneficial to device systems. We recommend that you allow the driver policy to allow drivers to updated on devices (the default), but you can turn this setting off if you prefer to manage drivers manually. If you want to disable driver updates for some reason, use Update/[ExcludeWUDriversInQualityUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-excludewudriversinqualityupdate).
+
+ We also recommend that you allow Microsoft product updates as discussed previously.
+
+### Set when devices receive feature and quality updates
+
+#### I want to receive pre-release versions of the next feature update
+
+1. Ensure that you are enrolled in the Windows Insider Program for Business. This is a completely free program available to commercial customers to aid them in their validation of feature updates before they are released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates. 
+2. For any of test devices you want to install pre-release builds, use [Update/ManagePreviewBuilds](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-managepreviewbuilds). Set this to **Enable preview builds**.
+3. Use [Update/BranchReadinessLevel](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-branchreadinesslevel) and select one of the preview Builds. Windows Insider Program Slow is the recommended channel for commercial customers who are using pre-release builds for validation.
+4. Additionally, you can defer pre-release feature updates the same way as released updates, by setting a deferral period up to 14 days by using [Update/DeferFeatureUpdatesPeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-deferfeatureupdatesperiodindays). If you are testing with Windows Insider Program Slow builds, we recommend that you receive the preview updates to your IT department on day 0, when the update is released, and then have a 7-10 day deferral before rolling out to your group of testers. This ensures that if a problem is discovered, you can pause the rollout of the preview update before it reaches your tests.
+
+#### I want to manage which released feature update my devices receive
+
+A Windows Update for Business administrator can defer or pause updates. You can defer feature updates for up to 365 days and defer quality updates for up to 30 days. Deferring simply means that you will not receive the update until it has been released for at least the number of deferral days you specified (offer date = release date + deferral date). You can pause feature or quality updates for up to 35 days from a given start date that you specify.
+
+- To defer a feature update: [Update/DeferFeatureUpdatesPeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-deferfeatureupdatesperiodindays)
+- To pause a feature update: [Update/PauseFeatureUpdatesStartTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-pausefeatureupdatesstarttime)
+- To defer a quality update: [Update/DeferQualityUpdatesPeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-deferqualityupdatesperiodindays)
+- To pause a quality update: [Update/PauseQualityUpdatesStartTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-pausequalityupdatesstarttime)
+
+#### Example
+
+In this example, there are three rings for quality updates. The first ring ("pilot") has a deferral period of 0 days. The second ring ("fast") has a deferral of five days. The third ring ("slow") has a deferral of ten days.
+
+![illustration of devices divided into three rings](images/waas-wufb-3-rings.png)
+
+When the quality update is released, it is offered to devices in the pilot ring the next time they scan for updates.
+
+##### Five days later
+The devices in the fast ring are offered the quality update the next time they scan for updates.
+
+![illustration of devices with fast ring deployed](images/waas-wufb-fast-ring.png)
+
+##### Ten days later
+Ten days after the quality update is released, it is offered to the devices in the slow ring the next time they scan for updates.
+
+![illustration of devices with slow ring deployed](images/waas-wufb-slow-ring.png)
+
+If no problems occur, all of the devices that scan for updates will be offered the quality update within ten days of its release, in three waves.
+
+##### What if a problem occurs with the update?
+
+In this example, some problem is discovered during the deployment of the update to the "pilot" ring.
+
+![illustration of devices divided with pilot ring experiencing a problem](images/waas-wufb-pilot-problem.png)
+
+At this point, the IT administrator can set a policy to pause the update. In this example, the admin selects the **Pause quality updates** check box.
+
+![illustration of rings with pause quality update check box selected](images/waas-wufb-pause.png)
+
+Now all devices are paused from updating for 35 days. When the pause is removed, they will be offered the *next* quality update, which ideally will not have the same issue. If there is still an issue, the IT admin can pause updates again.
+
+
+
+
+#### I want to stay on a specific version
+
+If you need a device to stay on a version beyond the point when deferrals on the next version would elapse or if you need to skip a version (for example, update fall release to fall release) use the **Select the target Feature Update version** setting instead of  using the Update/TargetReleaseVersion (or DeployFeatureUpdates in Windows 10, version 1803 and later) setting for feature update deferrals. When you use this policy, specify the version that you want your device(s) to use. If you don't update this before the device reaches end of service, the device will automatically be updated once it is 60 days past end of service for its edition.
+
+### Manage how users experience updates
+
+#### I want to manage when devices download, install, and restart after updates
+
+We recommended that you allow to update automatically--this is the default behavior. If you don't set an automatic update policy, the device will attempt to download, install, and restart at the best times for the user by using built-in intelligence such as intelligent active hours and smart busy check.
+
+For more granular control, you can set the maximum period of active hours the user can set with [Update/ActiveHoursMaxRange](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-activehoursmaxrange). You could also set specific start and end times for active ours with [Update/ActiveHoursEnd](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-activehoursend) and [Update/ActiveHoursStart](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-activehoursstart).
+
+It's best to refrain from setting the active hours policy because it's enabled by default when automatic updates are not disabled and provides a better experience when users can set their own active hours.
+
+To update outside of the active hours, use [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) with Option 2 (which is the default setting). For even more granular control, consider using automatic updates to schedule the install time, day, or week. To do this, use Option 3, and then set the following policies as appropriate for your plan:
+
+- [Update/ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday) 
+- [Update/ScheduledInstallEveryWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek) 
+- [Update/ScheduledInstallFirstWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek) 
+- [Update/ScheduledInstallFourthWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek) 
+- [Update/ScheduledInstallSecondWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek) 
+- [Update/ScheduledInstallThirdWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek) 
+- [Update/ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime)
+
+
+When you set these policies, installation happens automatically at the specified time and the device will restart 15 minutes after installation is complete (unless it's interrupted by the user).
+
+If you don't want to allow any automatic updates prior to the deadline, set [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) to Option 5, which turns off automatic updates.
+
+#### I want to keep devices secure and compliant with update deadlines
+
+We recommend that you use set specific deadlines for feature and quality updates to ensure that devices stay secure on Windows 10, version 1709 and later. This works by enabling you to specify the number of days that can elapse after an update is offered to a device before it must be installed. Also you can set the number of days that can elapse after a pending restart before the user is forced to restart. Use these settings:
+
+- [Update/ConfigureDeadlineForFeatureUpdates](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-configuredeadlineforfeatureupdates) 
+- [Update/ConfigureDeadlineForQualityUpdates ](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-configuredeadlineforqualityupdates)
+- [Update/ConfigureDeadlineGracePeriod](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-configuredeadlinegraceperiod) 
+- [Update/ConfigureDeadlineNoAutoReboot](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-configuredeadlinenoautoreboot)
+
+These policies also offer an option to opt out of automatic restarts until a deadline is reached by presenting an "engaged restart experience" until the deadline has actually expired. At that point the device will automatically schedule a restart regardles of active hours.
+
+These notifications are what the user sees depending on the settings you choose:
+
+When **Specify deadlines for automatic updates and restarts** is set (For Windows 10, version 1709 and later):
+
+ - **While restart is pending, before the deadline occurs:**
+
+   - For the first few days, the user receives a toast notification
+
+   - After this period, the user receives this dialog:
+
+     ![The notification users get for an impending restart prior to deadline](images/wufb-update-deadline-warning.png)
+
+   - If the user scheduled a restart, or if an auto restart is scheduled, 15 minutes before the scheduled time the user is receives this notification that the restart is about to occur:
+
+     ![The notification users get for an impending restart 15 minutes prior to restart](images/wufb-restart-imminent-warning.png)
+
+ - **If the restart is still pending after the deadline passes:**
+ 
+   - Within 12 hours before the deadline passes, the user receives this notification that the deadline is approaching:
+
+     ![The notification users get for an approaching restart deadline](images/wufb-pastdeadline-restart-warning.png)
+
+   - Once the deadline has passed, the user is forced to restart to keep their devices in compliance and receives this notification:
+
+     ![The notification users get for an imminent restart after the deadline](images/wufb-pastdeadline-restartnow.png)
+
+#### I want to manage the notifications a user sees
+
+There are additional settings that affect the notifications.
+
+We recommend that you use the default notifications as they aim to provide the best user experience while adjusting for the compliance policies that you have set. If you do have further needs that are not met by the default notification settings, you can use the [Update/UpdateNotificationLevel](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel) policy with these values:
+
+**0** (default) – Use the default Windows Update notifications
+**1** – Turn off all notifications, excluding restart warnings
+**2** – Turn off all notifications, including restart warnings
+
+> [!NOTE]
+> Option **2** creates a poor experience for personal devices; it's only recommended for kiosk devices where automatic restarts have been disabled.
+
+Still more options are available in [Update/ScheduleRestartWarning](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-schedulerestartwarning). This setting allows you to specify the period for auto-restart warning reminder notifications (from 2-24 hours; 4 hours is the default) before the update. You can also specify the period for auto-restart imminent warning notifications with [Update/ScheduleImminentRestartWarning](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduleimminentrestartwarning) (15-60 minutes is the default). We recommend using the default notifications.
+
+#### I want to manage the update settings a user can access
+
+Every Windows device provides users with a variety of controls they can use to manage Windows Updates. They can access these controls by Search to find Windows Updates or by going selecting **Updates and Security** in **Settings**. We provide the ability to disable a variety of these controls that are accessible to users.
+ 
+Users with access to update pause settings can prevent both feature and quality updates for 7 days. You can prevent users from pausing updates through the Windows Update settings page by using [Update/SetDisablePauseUXAccess](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-setdisablepauseuxaccess).
+When you disable this setting, users will see **Some settings are managed by your organization** and the update pause settings are greyed out.
+
+If you use Windows Server Update Server (WSUS), you can prevent users from scanning Windows Update. To do this, use [Update/SetDisableUXWUAccess](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-setdisableuxwuaccess).
+
+
+
+
+## Related topics
+
+- [Update Windows 10 in the enterprise](index.md)
+- [Overview of Windows as a service](waas-overview.md)
+- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
+- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
+- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
+- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
+- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
+- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
+- [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) 
+- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
+- [Configure Windows Update for Business](waas-configure-wufb.md)
+- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
+- [Walkthrough: use Intune to configure Windows Update for Business](https://docs.microsoft.com/intune/windows-update-for-business-configure)
+- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
+- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](waas-manage-updates-configuration-manager.md)
+- [Manage device restarts after updates](waas-restart.md)
+
+
+
+
+
--- a/windows/deployment/update/waas-wufb-group-policy.md
+++ b/windows/deployment/update/waas-wufb-group-policy.md
@ -27,7 +27,7 @@ You can use Group Policy through the Group Policy Management Console (GPMC) to c

 An IT administrator can set policies for Windows Update for Business by using Group Policy, or they can be set locally (per device). All of the relevant policies are under the path **Computer configuration > Administrative Templates > Windows Components > Windows Update**.

-To manage updates with Windows Update for Business as described in this topic, you should prepare with these steps, if you haven't already:
+To manage updates with Windows Update for Business as described in this article, you should prepare with these steps, if you haven't already:

 - Create Active Directory security groups that align with the deployment rings you use to phase deployment of updates. See [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) to learn more about deployment rings in Windows 10.
 - Allow access to the Windows Update service.
@ -49,27 +49,34 @@ Follow these steps on a device running the Remote Server Administration Tools or
 6. In the Group Policy Management Editor, go to **Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update**. You are now ready to start assigning policies to this ring (group) of devices.


-## Offering
+## Manage Windows Update offerings

 You can control when updates are applied, for example by deferring when an update is installed on a device or by pausing updates for a certain period of time.

-### Manage which updates are offered
+### Determine which updates you want offered to your devices

-Windows Update for Business offers you the ability to turn on or off both driver and Microsoft product updates.   
+Both Windows 10 feature and quality updates are automatically offered to devices that are connected to Windows Update using Windows Update for Business policies. However, you can choose whether you want the devices to additionally receive other Microsoft Updates or drivers that are applicable to that device.

- Drivers (on/off): **Computer configuration > Administrative Templates > Windows Components > Windows Update > Do not include drivers with Windows Updates**
- Microsoft product updates (on/off): **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates > Install updates for other Microsoft products**
+To enable Microsoft Updates use the Group Policy Management Console go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates**  and select **Install updates for other Microsoft products**.

-We recommend that you allow the driver policy to allow drivers to updated on devices (the default), but you can turn this setting off if you prefer to manage drivers manually. We also recommend that you leave the "Microsoft product updates" setting on.
+Drivers are automatically enabled because they are beneficial to device systems. We recommend that you allow the driver policy to allow drivers to updated on devices (the default), but you can turn this setting off if you prefer to manage drivers manually. If you want to disable driver updates for some reason, use the Group Policy Management Console to go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not include drivers with Windows Updates** and enable the policy.

-### Manage when updates are offered
-You can defer or pause the installation of updates for a set period of time.
+ We also recommend that you allow Microsoft product updates as discussed previously.

-#### Defer or pause an update
+### Set when devices receive feature and quality updates

-A Windows Update for Business administrator can defer or pause updates and preview builds. You can defer features updates for up to 365 days. You can pause feature or quality updates for up to 35 days from a given start date that you specify.
+#### I want to receive pre-release versions of the next feature update

- Defer or pause a feature update: **Computer configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are Received**
+1. Ensure that you are enrolled in the Windows Insider Program for Business. This is a completely free program available to commercial customers to aid them in their validation of feature updates before they are released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates. 
+2. Use Group Policy Management Console to go to: C**omputer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Manage preview builds** and set the policy to **Enable preview builds** for any of test devices you want to install pre-release builds.
+3. Use Group Policy Management Console to go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are received**. In the **Options** pane, use the pulldown menu to select one of the preview builds. We recomment **Windows Insider Program Slow** for commercial customers using pre-release builds for validation.
+4. Select **OK**. 
+
+#### I want to manage which released feature update my devices receive
+
+A Windows Update for Business administrator can defer or pause updates. You can defer feature updates for up to 365 days and defer quality updates for up to 30 days. Deferring simply means that you will not receive the update until it has been released for at least the number of deferral days you specified (offer date = release date + deferral date). You can pause feature or quality updates for up to 35 days from a given start date that you specify.
+
+- To defer or pause a feature update: **Computer configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are Received**
 - Defer or pause a quality update: **Computer configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Quality Updates are Received**

 #### Example
@ -106,18 +113,80 @@ Now all devices are paused from updating for 35 days. When the pause is removed,



-#### Set branch readiness level for feature updates

-This policy only applies to feature updates. To enable preview builds for devices in your organization, set the "Enable preview builds" policy and then use the "Select when preview builds and feature updates are received" policy.
+#### I want to stay on a specific version

-We recommend that you set up a ring to receive preview builds by joining the Windows Insider Program for Business. By having a ring of devices receiving "pre-release slow" builds and learning about commercial pre-release features, you can ensure that any issues you have with the release are fixed before it is ever released and far before you broadly deploy. 
+If you need a device to stay on a version beyond the point when deferrals on the next version would elapse or if you need to skip a version (for example, update fall release to fall release) use the **Select the target Feature Update version** setting instead of  using the **Specify when Preview Builds and Feature Updates are received** setting for feature update deferrals. When you use this policy, specify the version that you want your device(s) to use. If you don't update this before the device reaches end of service, the device will automatically be updated once it is 60 days past end of service for its edition.

- Enable preview builds: **Computer configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Manage Preview Builds**
+### Manage how users experience updates

+#### I want to manage when devices download, install, and restart after updates

+We recommend that you allow to update automatically--this is the default behavior. If you don't set an automatic update policy, the device will attempt to download, install, and restart at the best times for the user by using built-in intelligence such as intelligent active hours and smart busy check.

- Set branch readiness level: **Computer configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are Received**
+For more granular control, you can set the maximum period of active hours the user can set with **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify active hours range for auto restart**.

+It's best to refrain from setting the active hours policy because it's enabled by default when automatic updates are not disabled and provides a better experience when users can set their own active hours. If you do want to set active hours, use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Turn off auto-restart for updates during active hours**.
+
+To update outside of the active hours, you don't need to set any additional settings: simply don't disable automatic restarts. For even more granular control, consider using automatic updates to schedule the install time, day, or week. To do this, use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates** and select **Auto download and schedule the install**. You can customize this setting to accommodate the time that you want the update to be installed for your devices. 
+
+When you set these policies, installation happens automatically at the specified time and the device will restart 15 minutes after installation is complete (unless it's interrupted by the user).
+
+#### I want to keep devices secure and compliant with update deadlines
+
+We recommend that you use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadline for automatic updates and restarts** for feature and quality updates to ensure that devices stay secure on Windows 10, version 1709 and later. This works by enabling you to specify the number of days that can elapse after an update is offered to a device before it must be installed. Also you can set the number of days that can elapse after a pending restart before the user is forced to restart.
+
+This policies also offers an option to opt out of automatic restarts until a deadline is reached by presenting an "engaged restart experience" until the deadline has actually expired. At that point the device will automatically schedule a restart regardles of active hours.
+
+These notifications are what the user sees depending on the settings you choose:
+
+When **Specify deadlines for automatic updates and restarts** is set (For Windows 10, version 1709 and later):
+
+ - **While restart is pending, before the deadline occurs:**
+
+   - For the first few days, the user receives a toast notification
+
+   - After this period, the user receives this dialog:
+
+     ![The notification users get for an impending restart prior to deadline](images/wufb-update-deadline-warning.png)
+
+   - If the user scheduled a restart, or if an auto restart is scheduled, 15 minutes before the scheduled time the user is receives this notification that the restart is about to occur:
+
+     ![The notification users get for an impending restart 15 minutes prior to restart](images/wufb-restart-imminent-warning.png)
+
+ - **If the restart is still pending after the deadline passes:**
+ 
+   - Within 12 hours before the deadline passes, the user receives this notification that the deadline is approaching:
+
+     ![The notification users get for an approaching restart deadline](images/wufb-pastdeadline-restart-warning.png)
+
+   - Once the deadline has passed, the user is forced to restart to keep their devices in compliance and receives this notification:
+
+     ![The notification users get for an imminent restart after the deadline](images/wufb-pastdeadline-restartnow.png)
+
+#### I want to manage the notifications a user sees
+
+There are additional settings that affect the notifications.
+
+We recommend that you use the default notifications as they aim to provide the best user experience while adjusting for the compliance policies that you have set. If you do have further needs that are not met by the default notification settings, you can use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Display options for update notifications** with these values:
+
+**0** (default) – Use the default Windows Update notifications
+**1** – Turn off all notifications, excluding restart warnings
+**2** – Turn off all notifications, including restart warnings
+
+> [!NOTE]
+> Option **2** creates a poor experience for personal devices; it's only recommended for kiosk devices where automatic restarts have been disabled.
+
+Still more options are available in **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure auto-restart restart warning notifications schedule for updates**. This setting allows you to specify the period for auto-restart warning reminder notifications (from 2-24 hours; 4 hours is the default) before the update and to specify the period for auto-restart imminent warning notifications (15-60 minutes is the default). We recommend using the default notifications.
+
+#### I want to manage the update settings a user can access
+
+Every Windows device provides users with a variety of controls they can use to manage Windows Updates. They can access these controls by Search to find Windows Updates or by going selecting **Updates and Security** in **Settings**. We provide the ability to disable a variety of these controls that are accessible to users.
+ 
+Users with access to update pause settings can prevent both feature and quality updates for 7 days. You can prevent users from pausing updates through the Windows Update settings page by using **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Remove access to “Pause updates**.
+When you disable this setting, users will see **Some settings are managed by your organization** and the update pause settings are greyed out.
+
+If you use Windows Server Update Server (WSUS), you can prevent users from scanning Windows Update. To do this, use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Remove access to use all Windows Update features**.



--- a/windows/deployment/upgrade/setupdiag.md
+++ b/windows/deployment/upgrade/setupdiag.md
@ -28,13 +28,23 @@ ms.topic: article

 ## About SetupDiag

-<I>Current version of SetupDiag: 1.6.0.42</I>
+<I>Current downloadable version of SetupDiag: 1.6.0.42</I>
 >Always be sure to run the most recent version of SetupDiag, so that can access new functionality and fixes to known issues.

 SetupDiag is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. 

 SetupDiag works by examining Windows Setup log files. It attempts to parse these log files to determine the root cause of a failure to update or upgrade the computer to Windows 10. SetupDiag can be run on the computer that failed to update, or you can export logs from the computer to another location and run SetupDiag in offline mode.

+## SetupDiag in Windows 10, version 2004 and later
+
+With the release of Windows 10, version 2004, SetupDiag is included with Windows Setup.
+
+During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, SetupDiag.exe is also installed to this directory. If there is an issue with the upgrade, SetupDiag will automatically run to determine the cause of the failure.
+
+If the upgrade process proceeds normally, this directory is moved under **%SystemDrive%\Windows.Old** for cleanup. If this directory is deleted, SetupDiag.exe will also be removed.
+
+## Using SetupDiag
+
 To quickly use SetupDiag on your current computer:
 1. Verify that your system meets the [requirements](#requirements) described below. If needed, install the [.NET framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137).
 2. [Download SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142).
--- a/windows/deployment/windows-autopilot/TOC.md
+++ b/windows/deployment/windows-autopilot/TOC.md
@ -22,6 +22,7 @@
 ## [DFCI management](dfci-management.md)
 ## [Windows Autopilot update](autopilot-update.md)
 ## [Troubleshooting](troubleshooting.md)
+## [Policy conflicts](policy-conflicts.md)
 ## [Known issues](known-issues.md)

 # Support
--- a/windows/deployment/windows-autopilot/bitlocker.md
+++ b/windows/deployment/windows-autopilot/bitlocker.md
@ -39,7 +39,7 @@ An example of Microsoft Intune Windows Encryption settings is shown below.

   ![BitLocker encryption settings](images/bitlocker-encryption.png)

-Note that a device which is encrypted automatically will need to be decrypted prior to changing the encyption algorithm.
+Note that a device which is encrypted automatically will need to be decrypted prior to changing the encryption algorithm.

 The settings are available under Device Configuration -> Profiles -> Create profile -> Platform = Windows 10 and later, Profile type = Endpoint protection -> Configure -> Windows Encryption -> BitLocker base settings, Configure encryption methods = Enable.

--- a/windows/deployment/windows-autopilot/known-issues.md
+++ b/windows/deployment/windows-autopilot/known-issues.md
@ -29,6 +29,9 @@ ms.topic: article
 <tr><td>Blocking apps specified in a user-targeted Enrollment Status Profile are ignored during device ESP.</td>
 <td>The services responsible for determining the list of apps that should be blocking during device ESP are not able to determine the correct ESP profile containing the list of apps because they do not know the user identity.  As a workaround, enable the default ESP profile (which targets all users and devices) and place the blocking app list there.  In the future, it will be possible to instead target the ESP profile to device groups to avoid this issue.</tr>

+<tr><td>That username looks like it belongs to another organization. Try signing in again or start over with a different account.</td>
+  <td>Confirm that all of your information is correct at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot. See <a href="https://docs.microsoft.com/windows/deployment/windows-autopilot/troubleshooting#windows-10-version-1709-and-above">Troubleshooting Windows Auto Pilot </a> for more details.</td></tr>
+
 <tr><td>Windows Autopilot user-driven Hybrid Azure AD deployments do not grant users Administrator rights even when specified in the Windows Autopilot profile.</td>
 <td>This will occur when there is another user on the device that already has Administrator rights.  For example, a PowerShell script or policy could create an additional local account that is a member of the Administrators group.  To ensure this works properly, do not create an additional account until after the Windows Autopilot process has completed.</tr>

--- a/windows/deployment/windows-autopilot/policy-conflicts.md
+++ b/windows/deployment/windows-autopilot/policy-conflicts.md
@ -0,0 +1,37 @@
+---
+title: Windows Autopilot policy conflicts
+ms.reviewer: 
+manager: laurawi
+description: Inform yourself about known issues that may occur during Windows Autopilot deployment.
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+ms.pagetype: deploy
+audience: itpro
+author: mtniehaus
+ms.author: mniehaus
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+
+# Windows Autopilot - Policy Conflicts
+
+**Applies to**
+
+- Windows 10
+
+There are a sigificant number of policy settings available for Windows 10, both as native MDM policies and group policy (ADMX-backed) settings. Some of these can cause issues in certain Windows Autopilot scenarios as a result of how they change the behavior of Windows 10. If you encounter any of these issues, remove the policy in question to resolve the issue.
+
+<table>
+<th>Policy<th>More information
+
+<tr><td width="50%">Device restriction / <a href="https://docs.microsoft.com/partner-center/regional-authorization-overview">Password policy</a>
+<td>When certain <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-devicelock">DeviceLock policies</a>, such as minimum password length and password complexity, or any similar group policy settings, including any that disable auto-logon, are applied to a device, and that device reboots during the device Enrollment Status Page (ESP), the out-of-box experience or user desktop auto-logon could fail unexpectantly.
+</table>
+
+## Related topics
+
+[Troubleshooting Windows Autopilot](troubleshooting.md)
--- a/windows/deployment/windows-autopilot/registration-auth.md
+++ b/windows/deployment/windows-autopilot/registration-auth.md
@ -80,6 +80,10 @@ Each OEM has a unique link to provide to their respective customers, which the O
    ![Not global admin](images/csp7.png)
 3. Customer selects the **Yes** checkbox, followed by the **Accept** button, and they’re done.  Authorization happens instantaneously.

+    > [!NOTE]
+    > Once this process has completed, it is not currently possible for an administrator to remove an OEM. To remove an OEM or revoke
+      their permissions, send a request to msoemops@microsoft.com
+
 4. The OEM can use the Validate Device Submission Data API to verify the consent has completed.  This API is discussed in the latest version of the API Whitepaper, p. 14ff [https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx](https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, it’s a best practice recommendation for OEM partners to run the API check to confirm they’ve received customer consent before attempting to register devices, thus avoiding errors in the registration process.

    > [!NOTE]
--- a/windows/deployment/windows-autopilot/white-glove.md
+++ b/windows/deployment/windows-autopilot/white-glove.md
@ -109,7 +109,7 @@ If the pre-provisioning process completed successfully and the device was reseal

 - Power on the device.
 - Select the appropriate language, locale, and keyboard layout.
- Connect to a network (if using Wi-Fi).  If using Hybrid Azure AD Join, there must be connectivity to a domain controller; if using Azure AD Join, internet connectivity is required.
+- Connect to a network (if using Wi-Fi).  Internet access is always required.  If using Hybrid Azure AD Join, there must also be connectivity to a domain controller.
 - On the branded sign-on screen, enter the user’s Azure Active Directory credentials.
 - If using Hybrid Azure AD Join, the device will reboot; after the reboot, enter the user’s Active Directory credentials.
 - Additional policies and apps will be delivered to the device, as tracked by the Enrollment Status Page (ESP).  Once complete, the user will be able to access the desktop.
--- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
@ -94,7 +94,7 @@ If the Microsoft Store is not accessible, the AutoPilot process will still conti
 Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory. It also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs:

 To provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality, one of the following is required:
- [Microsoft 365 Business subscriptions](https://www.microsoft.com/microsoft-365/business)
+- [Microsoft 365 Business Premium subscriptions](https://www.microsoft.com/microsoft-365/business)
 - [Microsoft 365 F1 subscriptions](https://www.microsoft.com/microsoft-365/enterprise/firstline)
 - [Microsoft 365 Academic A1, A3, or A5 subscriptions](https://www.microsoft.com/education/buy-license/microsoft365/default.aspx)
 - [Microsoft 365 Enterprise E3 or E5 subscriptions](https://www.microsoft.com/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune).