Merge pull request #919 from MicrosoftDocs/FromPrivateRepo

From private repo
2025-05-15 06:47:21 +00:00 · 2018-05-16 17:46:59 +00:00 · 2018-05-16 17:46:59 +00:00 · af2c250957
commit af2c250957
parent f213fd35a9 2e6410e0fc
9 changed files with 249 additions and 196 deletions
--- a/windows/application-management/manage-windows-mixed-reality.md
+++ b/windows/application-management/manage-windows-mixed-reality.md
@ -9,7 +9,7 @@ ms.localizationpriority: medium
 author: jdeckerms
 ms.author: jdecker
 ms.topic: article
-ms.date: 04/30/2018
+ms.date: 05/16/2018
 ---
 # Enable or block Windows Mixed Reality apps in the enterprise
@ -44,7 +44,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to
    ```
    Add-Package
-    Dism /Image:C:\test\offline /Add-Package /PackagePath:*path to the cab file*
+    Dism /Online /add-windowspackage <cab>
    ```
  c. In **Settings** > **Update & Security** > **Windows Update**, select **Check for updates**.
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@ -22,6 +22,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md)
 New or changed topic | Description
 --- | ---
 [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) | Added note that Wi-Fi Sense is no longer available.
 Topics about Windows 10 diagnostic data | Moved to [Windows Privacy](https://docs.microsoft.com/windows/privacy/).
 ## RELEASE: Windows 10, version 1803
--- a/windows/hub/breadcrumb/toc.yml
+++ b/windows/hub/breadcrumb/toc.yml
@ -25,6 +25,9 @@
            - name: Mobile Device Management
              tocHref: /windows/client-management/mdm/
              topicHref: /windows/client-management/mdm/index
        - name: Privacy
          tocHref: /windows/privacy/
          topicHref: /windows/privacy/index
        - name: Security
          tocHref: /windows/security/
          topicHref: /windows/security/index
--- a/windows/privacy/breadcrumb/toc.yml
+++ b/windows/privacy/breadcrumb/toc.yml
@ -1,3 +0,0 @@
 - name: Docs
  tocHref: /
  topicHref: /
--- a/windows/privacy/docfx.json
+++ b/windows/privacy/docfx.json
@ -33,8 +33,7 @@
    "externalReference": [],
    "globalMetadata": {
      "uhfHeaderId": "MSDocsHeader-WindowsIT", 
-      "breadcrumb_path": "/windows/privacy/breadcrumb/toc.json",
+      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
      "extendBreadcrumb": true,
      "ms.technology": "windows",
      "ms.topic": "article",
 		  "ms.author": "daniha",
--- a/windows/privacy/gdpr-it-guidance.md
+++ b/windows/privacy/gdpr-it-guidance.md
@ -178,7 +178,7 @@ If an IT organization has not disabled this policy, users within the organizatio
 Windows 10, version 1803, and later can provide users with a notification during their logon. If the IT organization has not disabled the Group Policy **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds\Configure telemetry opt-in change notifications** or the MDM policy **ConfigureTelemetryOptInChangeNotification**, Windows diagnostic data notifications can appear at logon so that the users of a device are aware of the data collection.
-This notification can also be shown when the diagnostic level for the device was changed. For instance, if the telemetry level on the device is set to “Basic” and the IT organization changes it to “Full”, users will be notified on their next logon.
+This notification can also be shown when the diagnostic level for the device was changed. For instance, if the diagnostic level on the device is set to “Basic” and the IT organization changes it to “Full”, users will be notified on their next logon.
 ### Diagnostic Data Viewer (DDV)
--- a/windows/privacy/manage-windows-endpoints.md
+++ b/windows/privacy/manage-windows-endpoints.md
@ -24,13 +24,13 @@ Some Windows components, app, and related services transfer data to Microsoft ne
 -	Connecting to the cloud to store and access backups.
 -	Using your location to show a weather forecast.
-This article lists different endpoints that are available on a clean installation of Windows 10 Enterprise, version 1709 and later.
+This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later.
 Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). 
 Where applicable, each endpoint covered in this topic includes a link to specific details about how to control traffic to it. 
 We used the following methodology to derive these network endpoints:
-1.	Set up the latest version of Windows 10 Enterprise test virtual machine using the default settings. 
+1.	Set up the latest version of Windows 10 on a test virtual machine using the default settings. 
 2.	Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
 3.	Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.  
 4.	Compile reports on traffic going to public IP addresses.
@ -39,6 +39,8 @@ We used the following methodology to derive these network endpoints:
 > [!NOTE]
 > Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
 ## Windows 10 Enterprise connection endpoints
 ## Apps
 The following endpoint is used to download updates to the Weather app Live Tile. 
--- a/windows/privacy/windows-personal-data-services-configuration.md
+++ b/windows/privacy/windows-personal-data-services-configuration.md
@ -43,44 +43,49 @@ This setting determines the amount of Windows diagnostic data sent to Microsoft.
 #### Group Policy
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds |
+>|:-|:-|
-| **Policy Name** | Allow Telemetry |
+>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds |
-| **Default setting** | 2 - Enhanced |
+>| **Policy Name** | Allow Telemetry |
-| **Recommended** | 2 - Enhanced |
+>| **Default setting** | 2 - Enhanced |
 >| **Recommended** | 2 - Enhanced |
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Group Policy** | User Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds |
+>|:-|:-|
-| **Policy Name** | Allow Telemetry |
+>| **Group Policy** | User Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds |
-| **Default setting** | 2 - Enhanced |
+>| **Policy Name** | Allow Telemetry |
-| **Recommended** | 2 - Enhanced |
+>| **Default setting** | 2 - Enhanced |
 >| **Recommended** | 2 - Enhanced |
 #### Registry
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection |
+>|:-|:-|
-| **Value** | AllowTelemetry |
+>| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection |
-| **Type** | REG_DWORD |
+>| **Value** | AllowTelemetry |
-| **Setting** | "00000002" |
+>| **Type** | REG_DWORD |
 >| **Setting** | "00000002" |
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Registry key** | HKCU\Software\Policies\Microsoft\Windows\DataCollection |
+>|:-|:-|
-| **Value** | AllowTelemetry |
+>| **Registry key** | HKCU\Software\Policies\Microsoft\Windows\DataCollection |
-| **Type** | REG_DWORD |
+>| **Value** | AllowTelemetry |
-| **Setting** | "00000002" |
+>| **Type** | REG_DWORD |
 >| **Setting** | "00000002" |
 #### MDM
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **MDM CSP** | System |
+>|:-|:-|
-| **Policy** | AllowTelemetry (scope: device and user)  |
+>| **MDM CSP** | System |
-| **Default setting** | 2 – Enhanced |
+>| **Policy** | AllowTelemetry (scope: device and user)  |
-| **Recommended** | 2 – Allowed |
+>| **Default setting** | 2 – Enhanced |
 >| **Recommended** | 2 – Allowed |
 ### Diagnostic opt-in change notifications
@ -88,30 +93,33 @@ This setting determines whether a device shows notifications about Windows diagn
 #### Group Policy
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds |
+>|:-|:-|
-| **Policy Name** | Configure telemetry opt-in change notifications |
+>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds |
-| **Default setting** | Enabled |
+>| **Policy Name** | Configure telemetry opt-in change notifications |
-| **Recommended** | Enabled |
+>| **Default setting** | Enabled |
 >| **Recommended** | Enabled |
 #### Registry
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection |
+>|:-|:-|
-| **Value** | DisableTelemetryOptInChangeNotification |
+>| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection |
-| **Type** | REG_DWORD |
+>| **Value** | DisableTelemetryOptInChangeNotification |
-| **Setting** | "00000001" |
+>| **Type** | REG_DWORD |
 >| **Setting** | "00000001" |
 #### MDM
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **MDM CSP** | System |
+>|:-|:-|
-| **Policy** | ConfigureTelemetryOptInChangeNotification  |
+>| **MDM CSP** | System |
-| **Default setting** | 0 – Enabled |
+>| **Policy** | ConfigureTelemetryOptInChangeNotification  |
-| **Recommended** | 0 – Enabled |
+>| **Default setting** | 0 – Enabled |
 >| **Recommended** | 0 – Enabled |
 ### Configure telemetry opt-in setting user interface
@ -119,30 +127,33 @@ This setting determines whether people can change their own Windows diagnostic d
 #### Group Policy
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds |
+>|:-|:-|
-| **Policy Name** | Configure telemetry opt-in setting user interface |
+>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds |
-| **Default setting** | Enabled |
+>| **Policy Name** | Configure telemetry opt-in setting user interface |
-| **Recommended** | Enabled |
+>| **Default setting** | Enabled |
 >| **Recommended** | Enabled |
 #### Registry
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection |
+>|:-|:-|
-| **Value** | DisableTelemetryOptInSettingsUx |
+>| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection |
-| **Type** | REG_DWORD |
+>| **Value** | DisableTelemetryOptInSettingsUx |
-| **Setting** | "00000001" |
+>| **Type** | REG_DWORD |
 >| **Setting** | "00000001" |
 #### MDM
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **MDM CSP** | System |
+>|:-|:-|
-| **Policy** | ConfigureTelemetryOptInSettingsUx  |
+>| **MDM CSP** | System |
-| **Default setting** | 0 – Enabled |
+>| **Policy** | ConfigureTelemetryOptInSettingsUx  |
-| **Recommended** | 0 – Enabled |
+>| **Default setting** | 0 – Enabled |
 >| **Recommended** | 0 – Enabled |
 ## Policies affecting personal data protection managed by the Enterprise IT
@ -158,66 +169,73 @@ The following settings determine whether fixed and removable drives are protecte
 #### Group Policy
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Bitlocker Drive Encryption\Fixed Data Drives |
+>|:-|:-|
-| **Policy Name** | Deny write access to fixed drives not protected by BitLocker |
+>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Bitlocker Drive Encryption\Fixed Data Drives |
-| **Default setting** | Not configured |
+>| **Policy Name** | Deny write access to fixed drives not protected by BitLocker |
-| **Recommended** | Enabled |
+>| **Default setting** | Not configured |
 >| **Recommended** | Enabled |
 #### Registry
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Registry key** | HKLM\System\CurrentControlSet\Policies\Microsoft\FVE |
+>|:-|:-|
-| **Value** | FDVDenyWriteAccess |
+>| **Registry key** | HKLM\System\CurrentControlSet\Policies\Microsoft\FVE |
-| **Type** | REG_DWORD |
+>| **Value** | FDVDenyWriteAccess |
-| **Setting** | "00000001" |
+>| **Type** | REG_DWORD |
 >| **Setting** | "00000001" |
 #### MDM
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **MDM CSP** | BitLocker |
+>|:-|:-|
-| **Policy** | RemovableDrivesRequireEncryption  |
+>| **MDM CSP** | BitLocker |
-| **Default setting** | Disabled |
+>| **Policy** | RemovableDrivesRequireEncryption  |
-| **Recommended** | Enabled (see [instructions](/windows/client-management/mdm/bitlocker-csp#fixeddrivesrequireencryption)) |
+>| **Default setting** | Disabled |
 >| **Recommended** | Enabled (see [instructions](/windows/client-management/mdm/bitlocker-csp#fixeddrivesrequireencryption)) |
 #### Removable Data Drives
 #### Group Policy
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Bitlocker Drive Encryption\Removable Data Drives |
+>|:-|:-|
-| **Policy Name** | Deny write access to removable drives not protected by BitLocker |
+>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Bitlocker Drive Encryption\Removable Data Drives |
-| **Default setting** | Not configured |
+>| **Policy Name** | Deny write access to removable drives not protected by BitLocker |
-| **Recommended** | Enabled |
+>| **Default setting** | Not configured |
 >| **Recommended** | Enabled |
 #### Registry
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Registry key** | HKLM\System\CurrentControlSet\Policies\Microsoft\FVE |
+>|:-|:-|
-| **Value** | RDVDenyWriteAccess |
+>| **Registry key** | HKLM\System\CurrentControlSet\Policies\Microsoft\FVE |
-| **Type** | REG_DWORD |
+>| **Value** | RDVDenyWriteAccess |
-| **Setting** | "00000001" |
+>| **Type** | REG_DWORD |
 >| **Setting** | "00000001" |
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Registry key** | HKLM\Software\Policies\Microsoft\FVE |
+>|:-|:-|
-| **Value** | RDVDenyCrossOrg |
+>| **Registry key** | HKLM\Software\Policies\Microsoft\FVE |
-| **Type** | REG_DWORD |
+>| **Value** | RDVDenyCrossOrg |
-| **Setting** | "00000000" |
+>| **Type** | REG_DWORD |
 >| **Setting** | "00000000" |
 #### MDM
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **MDM CSP** | BitLocker |
+>|:-|:-|
-| **Policy** | RemovableDrivesRequireEncryption  |
+>| **MDM CSP** | BitLocker |
-| **Default setting** | Disabled |
+>| **Policy** | RemovableDrivesRequireEncryption  |
-| **Recommended** | Enabled (see [instructions](/windows/client-management/mdm/bitlocker-csp#removabledrivesrequireencryption)) |
+>| **Default setting** | Disabled |
 >| **Recommended** | Enabled (see [instructions](/windows/client-management/mdm/bitlocker-csp#removabledrivesrequireencryption)) |
 ### Privacy – AdvertisingID
@ -225,30 +243,33 @@ This setting determines if the advertising ID, which preventing apps from using
 #### Group Policy
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Group Policy** | Computer Configuration\Administrative Templates\System\User Profiles |
+>|:-|:-|
-| **Policy Name** | Turn off the advertising ID |
+>| **Group Policy** | Computer Configuration\Administrative Templates\System\User Profiles |
-| **Default setting** | Not configured |
+>| **Policy Name** | Turn off the advertising ID |
-| **Recommended** | Enabled |
+>| **Default setting** | Not configured |
 >| **Recommended** | Enabled |
 #### Registry
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\AdvertisingInfo |
+>|:-|:-|
-| **Value** | DisabledByGroupPolicy |
+>| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\AdvertisingInfo |
-| **Type** | REG_DWORD |
+>| **Value** | DisabledByGroupPolicy |
-| **Setting** | "00000001" |
+>| **Type** | REG_DWORD |
 >| **Setting** | "00000001" |
 #### MDM
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **MDM CSP** | Privacy |
+>|:-|:-|
-| **Policy** | DisableAdvertisingId  |
+>| **MDM CSP** | Privacy |
-| **Default setting** | 65535 (default) - Not configured |
+>| **Policy** | DisableAdvertisingId  |
-| **Recommended** | 1 – Enabled |
+>| **Default setting** | 65535 (default) - Not configured |
 >| **Recommended** | 1 – Enabled |
 ### Edge
@ -259,44 +280,49 @@ These settings whether employees send “Do Not Track” from the Microsoft Edge
 #### Group Policy
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge |
+>|:-|:-|
-| **Policy Name** | Configure Do Not Track |
+>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge |
-| **Default setting** | Disabled |
+>| **Policy Name** | Configure Do Not Track |
-| **Recommended** | Disabled |
+>| **Default setting** | Disabled |
 >| **Recommended** | Disabled |
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Group Policy** | User Configuration\Administrative Templates\Windows Components\Microsoft Edge |
+>|:-|:-|
-| **Policy Name** | Configure Do Not Track |
+>| **Group Policy** | User Configuration\Administrative Templates\Windows Components\Microsoft Edge |
-| **Default setting** | Disabled |
+>| **Policy Name** | Configure Do Not Track |
-| **Recommended** | Disabled |
+>| **Default setting** | Disabled |
 >| **Recommended** | Disabled |
 #### Registry
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Registry key** | HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main |
+>|:-|:-|
-| **Value** | DoNotTrack |
+>| **Registry key** | HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main |
-| **Type** | REG_DWORD |
+>| **Value** | DoNotTrack |
-| **Setting** | "00000000" |
+>| **Type** | REG_DWORD |
 >| **Setting** | "00000000" |
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Registry key** | HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main |
+>|:-|:-|
-| **Value** | DoNotTrack |
+>| **Registry key** | HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main |
-| **Type** | REG_DWORD |
+>| **Value** | DoNotTrack |
-| **Setting** | "00000000" |
+>| **Type** | REG_DWORD |
 >| **Setting** | "00000000" |
 #### MDM
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **MDM CSP** | Browser |
+>|:-|:-|
-| **Policy** | AllowDoNotTrack (scope: device + user)  |
+>| **MDM CSP** | Browser |
-| **Default setting** | 0 (default) – Not allowed |
+>| **Policy** | AllowDoNotTrack (scope: device + user)  |
-| **Recommended** | 0 – Not allowed |
+>| **Default setting** | 0 (default) – Not allowed |
 >| **Recommended** | 0 – Not allowed |
 ### Internet Explorer
@ -304,41 +330,46 @@ These settings whether employees send “Do Not Track” header from the Microso
 #### Group Policy
-| | |
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>| | |
-| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
+>|:-|:-|
-| **Policy Name** | Always send Do Not Track header |
+>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
-| **Default setting** | Disabled |
+>| **Policy Name** | Always send Do Not Track header |
-| **Recommended** | Disabled |
+>| **Default setting** | Disabled |
 >| **Recommended** | Disabled |
-|||
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>|||
-| **Group Policy** | User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
+>|:-|:-|
-| **Policy Name** | Always send Do Not Track header |
+>| **Group Policy** | User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
-| **Default setting** | Disabled |
+>| **Policy Name** | Always send Do Not Track header |
-| **Recommended** | Disabled |
+>| **Default setting** | Disabled |
 >| **Recommended** | Disabled |
 #### Registry
-|||
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>|||
-| **Registry key** | HKLM\Software\Policies\Microsoft\Internet Explorer\Main |
+>|:-|:-|
-| **Value** | DoNotTrack |
+>| **Registry key** | HKLM\Software\Policies\Microsoft\Internet Explorer\Main |
-| **Type** | REG_DWORD |
+>| **Value** | DoNotTrack |
-| **Setting** | "00000000" |
+>| **Type** | REG_DWORD |
 >| **Setting** | "00000000" |
-|||
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>|||
-| **Registry key** | HKCU\Software\Policies\Microsoft\Internet Explorer\Main |
+>|:-|:-|
-| **Value** | DoNotTrack |
+>| **Registry key** | HKCU\Software\Policies\Microsoft\Internet Explorer\Main |
-| **Type** | REG_DWORD |
+>| **Value** | DoNotTrack |
-| **Setting** | "00000000" |
+>| **Type** | REG_DWORD |
 >| **Setting** | "00000000" |
 #### MDM
-|||
+> [!div class="mx-tableFixed"]
-|:-|:-|
+>|||
-| **MDM CSP** | N/A |
+>|:-|:-|
 >| **MDM CSP** | N/A |
 ## Additional resources
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: high
 author: jsuther1974
-ms.date: 05/03/2018
+ms.date: 05/16/2018
 ---
 # Planning and getting started on the Windows Defender Application Control deployment process
@ -60,5 +60,25 @@ This topic provides a roadmap for planning and getting started on the Windows De
 8.  Enable desired virtualization-based security (VBS) features. Hardware-based security features—also called virtualization-based security (VBS) features—strengthen the protections offered by Windows Defender Application Control. 
-    > [!WARNING]
+## Known issues
-    >  Virtualization-based protection of code integrity may be incompatible with some devices and applications. We strongly recommend testing this configuration in your lab before enabling virtualization-based protection of code integrity on production systems. Failure to do so may result in unexpected failures up to and including data loss or a blue screen error (also called a stop error).
+
 This section covers known issues with WDAC and Device Guard. Virtualization-based protection of code integrity may be incompatible with some devices and applications, which might cause unexpected failures, data loss, or a blue screen error (also called a stop error). 
 Test this configuration in your lab before enabling it in production. 
 ### MSI Installations are blocked by WDAC
 Installing .msi files directly from the internet to a computer protected by WDAC will fail. 
 For example, this command will not work:
 ```code
 msiexec –i https://download.microsoft.com/download/2/E/3/2E3A1E42-8F50-4396-9E7E-76209EA4F429/Windows10_Version_1511_ADMX.msi
 ``` 
 As a workaround, download the MSI file and run it locally: 
 ```code
 msiexec –i c:\temp\Windows10_Version_1511_ADMX.msi  
 ```