This commit is contained in:
Liza Poggemeyer 2019-08-09 14:50:47 -07:00
commit b887daef29
216 changed files with 17150 additions and 16941 deletions

View File

@ -3,7 +3,8 @@ author: eavena
ms.author: eravena ms.author: eravena
ms.date: 10/02/2018 ms.date: 10/02/2018
ms.reviewer: ms.reviewer:
audience: itpro manager: dansimp audience: itpro
manager: dansimp
ms.prod: edge ms.prod: edge
ms.topic: include ms.topic: include
--- ---
@ -34,7 +35,7 @@ ms.topic: include
#### MDM settings #### MDM settings
- **MDM name:** Browser/[AllowFlash](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser\#browser-allowflash) - **MDM name:** Browser/[AllowFlash](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser\#browser-allowflash)
- **Supported devices:** Desktop - **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowAdobeFlash - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowFlash
- **Data type:** Integer - **Data type:** Integer
#### Registry settings #### Registry settings
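Review bot: The **URI full path** line previously ended in `AllowAdobeFlash`, which did not match the MDM name `Browser/AllowFlash` on the line above it, so a profile built from the old text would have targeted a different node than the one the policy link documents. The fix here is right. Since this is an include file, it is worth searching the rest of the change for other copies of the old `AllowAdobeFlash` path before merging.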

View File

@ -7,7 +7,8 @@ author: lomayor
ms.prod: ie11 ms.prod: ie11
ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5 ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5
ms.reviewer: ms.reviewer:
audience: itpro manager: dansimp audience: itpro
manager: dansimp
ms.author: lomayor ms.author: lomayor
title: Enterprise Mode schema v.2 guidance (Internet Explorer 11 for IT Pros) title: Enterprise Mode schema v.2 guidance (Internet Explorer 11 for IT Pros)
ms.sitesec: library ms.sitesec: library

View File

@ -102,6 +102,6 @@ Provisioning packages are files created by the Windows Configuration Designer to
Encryption is silent on HoloLens. To verify the device encryption status: Encryption is silent on HoloLens. To verify the device encryption status:
- On HoloLens, go to **Settings** > **System** > **About**. **BitLocker** is **enabled** if the device is encrypted. - On HoloLens, go to **Settings** > **System** > **About**. **BitLocker** is **enabled** if the device is encrypted.
![About screen showing BitLocker enabled](images/about-encryption.png) ![About screen showing BitLocker enabled](images/about-encryption.png)

View File

@ -22,9 +22,9 @@ manager: dansimp
For a complete list of Update policies, see [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#a-href-idhololenspoliciesapolicies-supported-by-windows-holographic-for-business). For a complete list of Update policies, see [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#a-href-idhololenspoliciesapolicies-supported-by-windows-holographic-for-business).
To configure how and when updates are applied, use the following policies: To configure how and when updates are applied, use the following policies:
- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) - [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate)
- [Update/ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday) - [Update/ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday)
- [Update/ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime) - [Update/ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime)
To turn off the automatic check for updates, set the following policy to value **5** Turn off Automatic Updates: To turn off the automatic check for updates, set the following policy to value **5** Turn off Automatic Updates:
- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) - [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate)

View File

@ -97,4 +97,4 @@ If you insert a USB thumb drive with a provisioning package into one of the USB
![* Select a device account and friendly name from your configuration file*](images/sh2-run14.png) <br> ![* Select a device account and friendly name from your configuration file*](images/sh2-run14.png) <br>
4. Follow the instructions to complete first time Setup. 4. Follow the instructions to complete first time Setup.

View File

@ -26,6 +26,18 @@ Please refer to the “[Surface Hub Important Information](https://support.micro
## Windows 10 Team Creators Update 1703 ## Windows 10 Team Creators Update 1703
<details>
<summary>June 18, 2019—update for Team edition based on KB4503289* (OS Build 15063.1897)</summary>
This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
* Addresses an issue with log collection for Microsoft Surface Hub 2S.
* Addresses an issue preventing a user from signing in to a Microsoft Surface Hub device with an Azure Active Directory account. This issue occurs because a previous session did not end successfully.
Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
*[KB4503289](https://support.microsoft.com/help/4503289)
</details>
<details> <details>
<summary>May 28, 2019—update for Team edition based on KB4499162* (OS Build 15063.1835)</summary> <summary>May 28, 2019—update for Team edition based on KB4499162* (OS Build 15063.1835)</summary>

View File

@ -34,7 +34,7 @@ To get Whiteboard to Whiteboard collaboration up and running, youll need to m
- Currently not utilizing Office 365 Germany or Office 365 operated by 21Vianet - Currently not utilizing Office 365 Germany or Office 365 operated by 21Vianet
- Surface Hub needs to be updated to Windows 10, version 1607 or newer - Surface Hub needs to be updated to Windows 10, version 1607 or newer
- Port 443 needs to be open since Whiteboard makes standard https requests - Port 443 needs to be open since Whiteboard makes standard https requests
- Whiteboard.ms, wbd.ms, \*.onenote.com, and your company's SharePoint tenant domain URLs need to be whitelisted for proxies - Whiteboard.ms, whiteboard.microsoft.com, wbd.ms, \*.onenote.com, and your company's SharePoint tenant domain URLs need to be whitelisted for proxies
>[!NOTE] >[!NOTE]
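Review bot: On the proxy bullet, the host list mixes casing (`Whiteboard.ms` beside the newly added `whiteboard.microsoft.com`) and still ends with "your company's SharePoint tenant domain URLs", which an admin cannot enter into a proxy rule as written. Suggest lowercasing the hostnames and stating the tenant entry as a pattern with a clearly marked placeholder. While the line is being edited, "whitelisted for proxies" could become "added to the proxy allow list".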
@ -68,4 +68,5 @@ After youre done, you can export a copy of the Whiteboard collaboration for y
## Related topics ## Related topics
- [Windows 10 Creators Update for Surface Hub](https://www.microsoft.com/surface/support/surface-hub/windows-10-creators-update-surface-hub) - [Windows 10 Creators Update for Surface Hub](https://www.microsoft.com/surface/support/surface-hub/windows-10-creators-update-surface-hub)
- [Support documentation for Microsoft Whiteboard](https://support.office.com/en-us/article/Whiteboard-Help-0c0f2aa0-b1bb-491c-b814-fd22de4d7c01)
- [Support documentation for Microsoft Whiteboard](https://support.office.com/article/Whiteboard-Help-0c0f2aa0-b1bb-491c-b814-fd22de4d7c01)

View File

@ -61,8 +61,8 @@ The following steps show you how to create a deployment share for Windows 10 tha
>[!NOTE] >[!NOTE]
>As of SDA version 1.96.0405, SDA will install only the components of the Windows ADK that are required for deployment, as follows: >As of SDA version 1.96.0405, SDA will install only the components of the Windows ADK that are required for deployment, as follows:
> * Deployment tools > * Deployment tools
> * User State Migration Tool (USMT) > * User State Migration Tool (USMT)
> * Windows Preinstallation Environment (WinPE) > * Windows Preinstallation Environment (WinPE)
> [!NOTE] > [!NOTE]
> As of SDA version 1.96.0405, SDA will install and use MDT 2013 Update 2. Earlier versions of SDA are compatible only with MDT 2013 Update 1. > As of SDA version 1.96.0405, SDA will install and use MDT 2013 Update 2. Earlier versions of SDA are compatible only with MDT 2013 Update 1.
@ -75,11 +75,11 @@ The following steps show you how to create a deployment share for Windows 10 tha
- **Local Path** Specify or browse to a location on the local storage device where you would like to store the deployment share files for the Windows 10 SDA deployment share. For example, **E:\\SDAWin10\\** is the location specified in Figure 3. - **Local Path** Specify or browse to a location on the local storage device where you would like to store the deployment share files for the Windows 10 SDA deployment share. For example, **E:\\SDAWin10\\** is the location specified in Figure 3.
- **Share Name** Specify a name for the file share that will be used to access the deployment share on this server from the network. For example, **SDAWin10** is the deployment share name shown in Figure 3. The local path folder is automatically shared by the SDA scripts under this name to the group **Everyone** with a permission level of **Full Control**. - **Share Name** Specify a name for the file share that will be used to access the deployment share on this server from the network. For example, **SDAWin10** is the deployment share name shown in Figure 3. The local path folder is automatically shared by the SDA scripts under this name to the group **Everyone** with a permission level of **Full Control**.
- **Windows 10 Deployment Services** - **Windows 10 Deployment Services**
- Select the **Import boot media into the local Windows Deployment Service** check box if you would like to boot your Surface devices from the network to perform the Windows deployment. Windows Deployment Services must be installed and configured to respond to PXE boot requests. See [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426.aspx) for more information about how to configure Windows Deployment Services for PXE boot. - Select the **Import boot media into the local Windows Deployment Service** check box if you would like to boot your Surface devices from the network to perform the Windows deployment. Windows Deployment Services must be installed and configured to respond to PXE boot requests. See [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426.aspx) for more information about how to configure Windows Deployment Services for PXE boot.
- **Windows 10 Source Files** - **Windows 10 Source Files**
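Review bot: The **Share Name** bullet says the SDA scripts share the local path folder to the group **Everyone** with **Full Control**, and nothing in the surrounding text tells the reader to tighten that afterwards. Because this share holds the deployment content that devices boot and install from, suggest adding a sentence that recommends restricting the share permissions to the accounts that need them once the deployment share has been created.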

View File

@ -103,39 +103,45 @@ The sample scripts include examples of how to set Surface UEFI settings and how
### Specify certificate and package names ### Specify certificate and package names
The first region of the script that you need to modify is the portion that specifies and loads the SEMM certificate, and also indicates the names for the SEMM configuration package and SEMM reset package. The certificate and package names are specified on lines 56 through 67 in the ConfigureSEMM.ps1 script: The first region of the script that you need to modify is the portion that specifies and loads the SEMM certificate, and also indicates SurfaceUEFIManager version, the names for the SEMM configuration package and SEMM reset package. The certificate name and SurfaceUEFIManager version are specified on lines 56 through 73 in the ConfigureSEMM.ps1 script:
``` ```
56 $WorkingDirPath = split-path -parent $MyInvocation.MyCommand.Definition 56 $WorkingDirPath = split-path -parent $MyInvocation.MyCommand.Definition
57 $packageRoot = "$WorkingDirPath\Config" 57 $packageRoot = "$WorkingDirPath\Config"
58 58 $certName = "FabrikamSEMMSample.pfx"
59 if (-not (Test-Path $packageRoot)) { New-Item -ItemType Directory -Force -Path $packageRoot } 59 $DllVersion = "2.26.136.0"
60 Copy-Item "$WorkingDirPath\FabrikamOwnerSigner.pfx" $packageRoot 60
61 61 $certNameOnly = [System.IO.Path]::GetFileNameWithoutExtension($certName)
62 $privateOwnerKey = Join-Path -Path $packageRoot -ChildPath "FabrikamOwnerSigner.pfx" 62 $ProvisioningPackage = $certNameOnly + "ProvisioningPackage.pkg"
63 $ownerPackageName = Join-Path -Path $packageRoot -ChildPath "FabrikamSignerProvisioningPackage.pkg" 63 $ResetPackage = $certNameOnly + "ResetPackage.pkg"
64 $resetPackageName = Join-Path -Path $packageRoot -ChildPath "FabrikamUniversalResetPackage.pkg" 64
65 65 if (-not (Test-Path $packageRoot)) { New-Item -ItemType Directory -Force -Path $packageRoot }
66 # If your PFX file requires a password then it can be set here, otherwise use a blank string. 66 Copy-Item "$WorkingDirPath\$certName" $packageRoot
67 $password = "1234" 67
68 $privateOwnerKey = Join-Path -Path $packageRoot -ChildPath $certName
69 $ownerPackageName = Join-Path -Path $packageRoot -ChildPath $ProvisioningPackage
70 $resetPackageName = Join-Path -Path $packageRoot -ChildPath $ResetPackage
71
72 # If your PFX file requires a password then it can be set here, otherwise use a blank string.
73 $password = "1234"
``` ```
Replace the **FabrikamOwnerSigner.pfx** value for the **$privateOwnerKey** variable with the name of your SEMM Certificate file on both lines 60 and 62. The script will create a working directory (named Config) in the folder where your scripts are located, and will then copy the certificate file to this working directory. Replace the **FabrikamSEMMSample.pfx** value for the **$certName** variable with the name of your SEMM Certificate file on line 58. The script will create a working directory (named Config) in the folder where your scripts are located, and will then copy the certificate file to this working directory.
Replace the **FabrikamSignerProvisioningPackage.pkg** and **FabrikamUniversalResetPackage.pkg** values on lines 63 and 64 to define the **$ownerPackageName** and **$resetPackageName** variables with your desired names for the SEMM configuration and reset packages. These packages will also be created in the Config directory and hold the configuration for Surface UEFI settings and permissions generated by the script. Owner package and reset package will also be created in the Config directory and hold the configuration for Surface UEFI settings and permissions generated by the script.
On line 67, replace the value of the **$password** variable, from 1234, to the password for your certificate file. If a password is not required, delete the **1234** text. On line 73, replace the value of the **$password** variable, from 1234, to the password for your certificate file. If a password is not required, delete the **1234** text.
>[!Note] >[!Note]
>The last two characters of the certificate thumbprint are required to enroll a device in SEMM. This script will display these digits to the user, which allows the user or technician to record these digits before the system reboots to enroll the device in SEMM. The script uses the following code, found on lines 144-149, to accomplish this: >The last two characters of the certificate thumbprint are required to enroll a device in SEMM. This script will display these digits to the user, which allows the user or technician to record these digits before the system reboots to enroll the device in SEMM. The script uses the following code, found on lines 150-155, to accomplish this:
``` ```
144 # Device owners will need the last two characters of the thumbprint to accept SEMM ownership. 150 # Device owners will need the last two characters of the thumbprint to accept SEMM ownership.
145 # For convenience we get the thumbprint here and present to the user. 151 # For convenience we get the thumbprint here and present to the user.
146 $pw = ConvertTo-SecureString $password -AsPlainText -Force 152 $pw = ConvertTo-SecureString $password -AsPlainText -Force
147 $certPrint = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 153 $certPrint = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
148 $certPrint.Import($privateOwnerKey, $pw, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet) 154 $certPrint.Import($privateOwnerKey, $pw, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)
149 Write-Host "Thumbprint =" $certPrint.Thumbprint 155 Write-Host "Thumbprint =" $certPrint.Thumbprint
``` ```
Administrators with access to the certificate file (.pfx) can read the thumbprint at any time by opening the .pfx file in CertMgr. To view the thumbprint with CertMgr, follow this process: Administrators with access to the certificate file (.pfx) can read the thumbprint at any time by opening the .pfx file in CertMgr. To view the thumbprint with CertMgr, follow this process:
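Review bot: Line 73 of the fragment keeps the PFX password as a literal in the script (`$password = "1234"`), and the text tells the reader to replace it with the real certificate password, so the edited ConfigureSEMM.ps1 then needs the same protection as the .pfx file itself; suggest a note saying so next to the line 73 instruction. Separately, the rewritten intro sentence ("also indicates SurfaceUEFIManager version, the names for the SEMM configuration package and SEMM reset package") reads as a broken list, and `$DllVersion` on line 59 is never explained in the paragraphs that follow. A sentence on what value belongs there, and one stating that the package names are now derived from `$certName` (lines 61-63), would close the gap left by removing the old paragraph about lines 63 and 64.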
@ -153,46 +159,47 @@ Administrators with access to the certificate file (.pfx) can read the thumbprin
### Configure permissions ### Configure permissions
The first region of the script where you will specify the configuration for Surface UEFI is the **Configure Permissions** region. This region begins at line 202 in the sample script with the comment **# Configure Permissions** and continues to line 238. The following code fragment first sets permissions to all Surface UEFI settings so that they may be modified by SEMM only, then adds explicit permissions to allow the local user to modify the Surface UEFI password, TPM, and front and rear cameras: The first region of the script where you will specify the configuration for Surface UEFI is the **Configure Permissions** region. This region begins at line 210 in the sample script with the comment **# Configure Permissions** and continues to line 247. The following code fragment first sets permissions to all Surface UEFI settings so that they may be modified by SEMM only, then adds explicit permissions to allow the local user to modify the Surface UEFI password, TPM, and front and rear cameras:
``` ```
202 # Configure Permissions 210 # Configure Permissions
203 foreach ($uefiV2 IN $surfaceDevices.Values) { 211 foreach ($uefiV2 IN $surfaceDevices.Values) {
204 # Here we define which "identities" will be allowed to modify which settings 212 if ($uefiV2.SurfaceUefiFamily -eq $Device.Model) {
205 # PermissionSignerOwner = The primary SEMM enterprise owner identity 213 Write-Host "Configuring permissions"
206 # PermissionLocal = The user when booting to the UEFI pre-boot GUI 214 Write-Host $Device.Model
207 # PermissionSignerUser, PermissionSignerUser1, PermissionSignerUser2 = 215 Write-Host "======================="
208 # Additional user identities created so that the signer owner 216
209 # can delegate permission control for some settings. 217 # Here we define which "identities" will be allowed to modify which settings
210 $ownerOnly = [Microsoft.Surface.IUefiSetting]::PermissionSignerOwner 218 # PermissionSignerOwner = The primary SEMM enterprise owner identity
211 $ownerAndLocalUser = ([Microsoft.Surface.IUefiSetting]::PermissionSignerOwner -bor [Microsoft.Surface.IUefiSetting]::PermissionLocal) 219 # PermissionLocal = The user when booting to the UEFI pre-boot GUI
212 220 # PermissionSignerUser, PermissionSignerUser1, PermissionSignerUser2 =
213 # Make all permissions owner only by default 221 # Additional user identities created so that the signer owner
214 foreach ($setting IN $uefiV2.Settings.Values) { 222 # can delegate permission control for some settings.
215 $setting.ConfiguredPermissionFlags = $ownerOnly 223 $ownerOnly = [Microsoft.Surface.IUefiSetting]::PermissionSignerOwner
216 } 224 $ownerAndLocalUser = ([Microsoft.Surface.IUefiSetting]::PermissionSignerOwner -bor [Microsoft.Surface.IUefiSetting]::PermissionLocal)
217 # Allow the local user to change their own password 225
218 $uefiV2.SettingsById[501].ConfiguredPermissionFlags = $ownerAndLocalUser 226 # Make all permissions owner only by default
219 227 foreach ($setting IN $uefiV2.Settings.Values) {
220 # Allow the local user to change the state of the TPM 228 $setting.ConfiguredPermissionFlags = $ownerOnly
221 $uefiV2.Settings["Trusted Platform Module (TPM)"].ConfiguredPermissionFlags = $ownerAndLocalUser 229 }
222 230
223 # Allow the local user to change the state of the Front and Rear cameras 231 # Allow the local user to change their own password
224 $uefiV2.SettingsById[302].ConfiguredPermissionFlags = $ownerAndLocalUser 232 $uefiV2.SettingsById[501].ConfiguredPermissionFlags = $ownerAndLocalUser
225 $uefiV2.SettingsById[304].ConfiguredPermissionFlags = $ownerAndLocalUser 233
226 234 Write-Host ""
227 235
228 # Create a unique package name based on family and LSV. 236 # Create a unique package name based on family and LSV.
229 # We will choose a name that can be parsed by later scripts. 237 # We will choose a name that can be parsed by later scripts.
230 $packageName = $uefiV2.SurfaceUefiFamily + "^Permissions^" + $lsv + ".pkg" 238 $packageName = $uefiV2.SurfaceUefiFamily + "^Permissions^" + $lsv + ".pkg"
231 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName 239 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName
232 240
233 # Build and sign the Permission package then save it to a file. 241 # Build and sign the Permission package then save it to a file.
234 $permissionPackageStream = $uefiV2.BuildAndSignPermissionPackage($privateOwnerKey, $password, "", $null, $lsv) 242 $permissionPackageStream = $uefiV2.BuildAndSignPermissionPackage($privateOwnerKey, $password, "", $null, $lsv)
235 $permissionPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write) 243 $permissionPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write)
236 $permissionPackageStream.CopyTo($permissionPackage) 244 $permissionPackageStream.CopyTo($permissionPackage)
237 $permissionPackage.Close() 245 $permissionPackage.Close()
238 } 246 }
247 }
``` ```
Each **$uefiV2** variable identifies a Surface UEFI setting by setting name or ID, and then configures the permissions to one of the following values: Each **$uefiV2** variable identifies a Surface UEFI setting by setting name or ID, and then configures the permissions to one of the following values:
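Review bot: The paragraph introducing the fragment still says it adds explicit permissions for the local user on the Surface UEFI password, TPM, and front and rear cameras, but the new fragment (lines 210-247) only assigns `$ownerAndLocalUser` to `SettingsById[501]`; the TPM assignment and the two camera assignments (IDs 302 and 304) are no longer shown. A reader following the text would assume TPM and camera control is delegated to the local user when the quoted script leaves them owner-only. Either update the sentence to name only the password setting or restore the removed assignments. The following sentence about identifying a setting "by setting name or ID" also no longer has a by-name example in this fragment.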
@ -204,69 +211,169 @@ You can find information about the available settings names and IDs for Surface
### Configure settings ### Configure settings
The second region of the script where you will specify the configuration for Surface UEFI is the **Configure Settings** region of the ConfigureSEMM.ps1 script, which configures whether each setting is enabled or disabled. The sample script includes instructions to set all settings to their default values. The script then provides explicit instructions to disable IPv6 for PXE Boot and to leave the Surface UEFI Administrator password unchanged. You can find this region beginning with the **# Configure Settings** comment at line 282 through line 312 in the sample script. The region appears as follows: The second region of the script where you will specify the configuration for Surface UEFI is the **Configure Settings** region of the ConfigureSEMM.ps1 script, which configures whether each setting is enabled or disabled. The sample script includes instructions to set all settings to their default values. The script then provides explicit instructions to disable IPv6 for PXE Boot and to leave the Surface UEFI Administrator password unchanged. You can find this region beginning with the **# Configure Settings** comment at line 291 through line 335 in the sample script. The region appears as follows:
``` ```
282 # Configure Settings 291 # Configure Settings
283 foreach ($uefiV2 IN $surfaceDevices.Values) { 292 foreach ($uefiV2 IN $surfaceDevices.Values) {
284 # In this demo, we will start by setting every setting to the default factory setting. 293 if ($uefiV2.SurfaceUefiFamily -eq $Device.Model) {
285 # You may want to start by doing this in your scripts 294 Write-Host "Configuring settings"
286 # so that every setting gets set to a known state. 295 Write-Host $Device.Model
287 foreach ($setting IN $uefiV2.Settings.Values) { 296 Write-Host "===================="
288 $setting.ConfiguredValue = $setting.DefaultValue 297
289 } 298 # In this demo, we will start by setting every setting to the default factory setting.
290 299 # You may want to start by doing this in your scripts
291 # If you want to set something to a different value from the default, 300 # so that every setting gets set to a known state.
292 # here are examples of how to accomplish this. 301 foreach ($setting IN $uefiV2.Settings.Values) {
293 $uefiV2.Settings["IPv6 for PXE Boot"].ConfiguredValue = "Disabled" 302 $setting.ConfiguredValue = $setting.DefaultValue
294 303 }
295 # If you want to leave the setting unmodified, set it to $null 304
296 # PowerShell has issues setting things to $null so ClearConfiguredValue() 305 $EnabledValue = "Enabled"
297 # is supplied to do this explicitly. 306 $DisabledValue = "Disabled"
298 # Here is an example of leaving the UEFI administrator password as-is, 307
299 # even after we initially set it to factory default above. 308 # If you want to set something to a different value from the default,
300 $uefiV2.SettingsById[501].ClearConfiguredValue() 309 # here are examples of how to accomplish this.
301 310 # This disables IPv6 PXE boot by name:
302 # Create a unique package name based on family and LSV. 311 $uefiV2.Settings["IPv6 for PXE Boot"].ConfiguredValue = $DisabledValue
303 # We will choose a name that can be parsed by later scripts. 312
304 $packageName = $uefiV2.SurfaceUefiFamily + "^Settings^" + $lsv + ".pkg" 313 # This disables IPv6 PXE Boot by ID:
305 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName 314 $uefiV2.SettingsById[400].ConfiguredValue = $DisabledValue
306 315
307 # Build and sign the Settings package then save it to a file. 316 Write-Host ""
308 $settingsPackageStream = $uefiV2.BuildAndSignSecuredSettingsPackage($privateOwnerKey, $password, "", $null, $lsv) 317
309 $settingsPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write) 318 # If you want to leave the setting unmodified, set it to $null
310 $settingsPackageStream.CopyTo($settingsPackage) 319 # PowerShell has issues setting things to $null so ClearConfiguredValue()
311 $settingsPackage.Close() 320 # is supplied to do this explicitly.
312 } 321 # Here is an example of leaving the UEFI administrator password as-is,
322 # even after we initially set it to factory default above.
323 $uefiV2.SettingsById[501].ClearConfiguredValue()
324
325 # Create a unique package name based on family and LSV.
326 # We will choose a name that can be parsed by later scripts.
327 $packageName = $uefiV2.SurfaceUefiFamily + "^Settings^" + $lsv + ".pkg"
328 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName
329
330 # Build and sign the Settings package then save it to a file.
331 $settingsPackageStream = $uefiV2.BuildAndSignSecuredSettingsPackage($privateOwnerKey, $password, "", $null, $lsv)
332 $settingsPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write)
333 $settingsPackageStream.CopyTo($settingsPackage)
334 $settingsPackage.Close()
335 }
``` ```
Like the permissions set in the **Configure Permissions** section of the script, the configuration of each Surface UEFI setting is performed by defining the **$uefiV2** variable. For each line defining the **$uefiV2** variable, a Surface UEFI setting is identified by setting name or ID and the configured value is set to **Enabled** or **Disabled**. Like the permissions set in the **Configure Permissions** section of the script, the configuration of each Surface UEFI setting is performed by defining the **$uefiV2** variable. For each line defining the **$uefiV2** variable, a Surface UEFI setting is identified by setting name or ID and the configured value is set to **Enabled** or **Disabled**.
If you do not want to alter the configuration of a Surface UEFI setting, for example to ensure that the Surface UEFI administrator password is not cleared by the action of resetting all Surface UEFI settings to their default, you can use **ClearConfiguredValue()** to enforce that this setting will not be altered. In the sample script, this is used on line 300 to prevent the clearing of the Surface UEFI Administrator password, identified in the sample script by its setting ID, **501**. If you do not want to alter the configuration of a Surface UEFI setting, for example to ensure that the Surface UEFI administrator password is not cleared by the action of resetting all Surface UEFI settings to their default, you can use **ClearConfiguredValue()** to enforce that this setting will not be altered. In the sample script, this is used on line 323 to prevent the clearing of the Surface UEFI Administrator password, identified in the sample script by its setting ID, **501**.
You can find information about the available settings names and IDs for Surface UEFI in the [Settings Names and IDs](#settings-names-and-ids) section later in this article. You can find information about the available settings names and IDs for Surface UEFI in the [Settings Names and IDs](#settings-names-and-ids) section later in this article.
### Settings registry key ### Settings registry key
To identify enrolled systems for Configuration Manager, the ConfigureSEMM.ps1 script writes a registry key that can be used to identify enrolled systems as having been installed with the SEMM configuration script. This key can be found at the following location: To identify enrolled systems for Configuration Manager, the ConfigureSEMM.ps1 script writes registry keys that can be used to identify enrolled systems as having been installed with the SEMM configuration script. These keys can be found at the following location:
`HKLM\SOFTWARE\Microsoft\Surface\SEMM\Enabled_Version1000` `HKLM\SOFTWARE\Microsoft\Surface\SEMM`
The following code fragment, found on lines 352-363, is used to write this registry key: The following code fragment, found on lines 380-477, is used to write these registry keys:
``` ```
352 $SurfaceRegKey = "HKLM:\SOFTWARE\Microsoft\Surface\SEMM" 380 # For SCCM or other management solutions that wish to know what version is applied, tattoo the LSV and current DateTime (in UTC) to the registry:
353 New-RegKey $SurfaceRegKey 381 $UTCDate = (Get-Date).ToUniversalTime().ToString()
354 $SurfaceRegValue = Get-ItemProperty $SurfaceRegKey Enabled_Version1000 -ErrorAction SilentlyContinue 382 $certIssuer = $certPrint.Issuer
355 383 $certSubject = $certPrint.Subject
356 If ($SurfaceRegValue -eq $null) 384
357 { 385 $SurfaceRegKey = "HKLM:\SOFTWARE\Microsoft\Surface\SEMM"
358 New-ItemProperty -Path $SurfaceRegKey -Name Enabled_Version1000 -PropertyType String -Value 1 | Out-Null 386 New-RegKey $SurfaceRegKey
359 } 387 $LSVRegValue = Get-ItemProperty $SurfaceRegKey LSV -ErrorAction SilentlyContinue
360 Else 388 $DateTimeRegValue = Get-ItemProperty $SurfaceRegKey LastConfiguredUTC -ErrorAction SilentlyContinue
361 { 389 $OwnershipSessionIdRegValue = Get-ItemProperty $SurfaceRegKey OwnershipSessionId -ErrorAction SilentlyContinue
362 Set-ItemProperty -Path $SurfaceRegKey -Name Enabled_Version1000 -Value 1 390 $PermissionSessionIdRegValue = Get-ItemProperty $SurfaceRegKey PermissionSessionId -ErrorAction SilentlyContinue
363 } 391 $SettingsSessionIdRegValue = Get-ItemProperty $SurfaceRegKey SettingsSessionId -ErrorAction SilentlyContinue
392 $IsResetRegValue = Get-ItemProperty $SurfaceRegKey IsReset -ErrorAction SilentlyContinue
393 $certUsedRegValue = Get-ItemProperty $SurfaceRegKey CertName -ErrorAction SilentlyContinue
394 $certIssuerRegValue = Get-ItemProperty $SurfaceRegKey CertIssuer -ErrorAction SilentlyContinue
395 $certSubjectRegValue = Get-ItemProperty $SurfaceRegKey CertSubject -ErrorAction SilentlyContinue
396
397
398 If ($LSVRegValue -eq $null)
399 {
400 New-ItemProperty -Path $SurfaceRegKey -Name LSV -PropertyType DWORD -Value $lsv | Out-Null
401 }
402 Else
403 {
404 Set-ItemProperty -Path $SurfaceRegKey -Name LSV -Value $lsv
405 }
406
407 If ($DateTimeRegValue -eq $null)
408 {
409 New-ItemProperty -Path $SurfaceRegKey -Name LastConfiguredUTC -PropertyType String -Value $UTCDate | Out-Null
410 }
411 Else
412 {
413 Set-ItemProperty -Path $SurfaceRegKey -Name LastConfiguredUTC -Value $UTCDate
414 }
415
416 If ($OwnershipSessionIdRegValue -eq $null)
417 {
418 New-ItemProperty -Path $SurfaceRegKey -Name OwnershipSessionId -PropertyType String -Value $ownerSessionIdValue | Out-Null
419 }
420 Else
421 {
422 Set-ItemProperty -Path $SurfaceRegKey -Name OwnershipSessionId -Value $ownerSessionIdValue
423 }
424
425 If ($PermissionSessionIdRegValue -eq $null)
426 {
427 New-ItemProperty -Path $SurfaceRegKey -Name PermissionSessionId -PropertyType String -Value $permissionSessionIdValue | Out-Null
428 }
429 Else
430 {
431 Set-ItemProperty -Path $SurfaceRegKey -Name PermissionSessionId -Value $permissionSessionIdValue
432 }
433
434 If ($SettingsSessionIdRegValue -eq $null)
435 {
436 New-ItemProperty -Path $SurfaceRegKey -Name SettingsSessionId -PropertyType String -Value $settingsSessionIdValue | Out-Null
437 }
438 Else
439 {
440 Set-ItemProperty -Path $SurfaceRegKey -Name SettingsSessionId -Value $settingsSessionIdValue
441 }
442
443 If ($IsResetRegValue -eq $null)
444 {
445 New-ItemProperty -Path $SurfaceRegKey -Name IsReset -PropertyType DWORD -Value 0 | Out-Null
446 }
447 Else
448 {
449 Set-ItemProperty -Path $SurfaceRegKey -Name IsReset -Value 0
450 }
451
452 If ($certUsedRegValue -eq $null)
453 {
454 New-ItemProperty -Path $SurfaceRegKey -Name CertName -PropertyType String -Value $certName | Out-Null
455 }
456 Else
457 {
458 Set-ItemProperty -Path $SurfaceRegKey -Name CertName -Value $certName
459 }
460
461 If ($certIssuerRegValue -eq $null)
462 {
463 New-ItemProperty -Path $SurfaceRegKey -Name CertIssuer -PropertyType String -Value $certIssuer | Out-Null
464 }
465 Else
466 {
467 Set-ItemProperty -Path $SurfaceRegKey -Name CertIssuer -Value $certIssuer
468 }
469
470 If ($certSubjectRegValue -eq $null)
471 {
472 New-ItemProperty -Path $SurfaceRegKey -Name CertSubject -PropertyType String -Value $certSubject | Out-Null
473 }
474 Else
475 {
476 Set-ItemProperty -Path $SurfaceRegKey -Name CertSubject -Value $certSubject
477 }
``` ```
### Settings names and IDs ### Settings names and IDs
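Review bot: The rewritten introduction above the fragment now gives only the key path `HKLM\SOFTWARE\Microsoft\Surface\SEMM`, where the old text named a concrete value (`Enabled_Version1000`), so a reader building a Configuration Manager detection rule has to dig the value names out of a 98-line listing. List the values the script writes (LSV and IsReset as DWORD; LastConfiguredUTC, OwnershipSessionId, PermissionSessionId, SettingsSessionId, CertName, CertIssuer and CertSubject as String) in prose or a short table, and say which one to test. Any other part of the article that still tells readers to detect on `Enabled_Version1000` needs the same update, since the new fragment no longer writes it. At script line 381, `(Get-Date).ToUniversalTime().ToString()` formats the timestamp in the current culture, so LastConfiguredUTC will not compare or parse consistently across locales; a fixed format such as `ToString("o")` would avoid that if the script itself can be changed.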

View File

@ -240,5 +240,6 @@
###### [AGPM Server Connection Settings](agpm-server-connection-settings.md) ###### [AGPM Server Connection Settings](agpm-server-connection-settings.md)
###### [Feature Visibility Settings](feature-visibility-settings.md) ###### [Feature Visibility Settings](feature-visibility-settings.md)
##### [Other Enhancements to the GPMC](other-enhancements-to-the-gpmc.md) ##### [Other Enhancements to the GPMC](other-enhancements-to-the-gpmc.md)
## [Troubleshooting AGPM Upgrades](troubleshooting-agpm40-upgrades.md)
## [Resources for AGPM](resources-for-agpm.md) ## [Resources for AGPM](resources-for-agpm.md)

View File

@ -1,7 +1,7 @@
--- ---
title: Advanced Group Policy Management title: Advanced Group Policy Management
description: Advanced Group Policy Management description: Advanced Group Policy Management
author: jamiejdt author: dansimp
ms.assetid: 493ca3c3-c3d6-4bb1-9430-dc1e43c86bb0 ms.assetid: 493ca3c3-c3d6-4bb1-9430-dc1e43c86bb0
ms.pagetype: mdop ms.pagetype: mdop
ms.mktglfcycl: manage ms.mktglfcycl: manage

View File

@ -0,0 +1,41 @@
---
title: Troubleshooting AGPM Upgrades
description: Troubleshooting AGPM Upgrades
author: jedodson
ms.assetid: 1abbf0c1-fd32-46a8-a3ba-c005f066523d
ms.reviewer:
manager: dansimp
ms.author: jedodson
ms.pagetype: mdop
ms.mktglfcycl: manage
ms.sitesec: library
ms.prod: w10
ms.date: 06/16/2016
---
# Troubleshooting AGPM Upgrades
This section lists common issues that you may encounter when you upgrade your Advanced Group Policy Management (AGPM) server to a newer version (e.g. AGPM 4.0 to AGPM 4.3). To diagnose issues not listed here, it may be helpful to view the [Troubleshooting AGPM](troubleshooting-agpm-agpm40.md) or for an AGPM Administrator (Full Control) to use logging and tracing. For more information, see [Configure Logging and Tracing](configure-logging-and-tracing-agpm40.md).
## What problems are you having?
- [Failed to generate a HTML GPO difference report (Error code 80004003)](#bkmk-error-80004003)
### <a href="" id="bkmk-error-80004003"></a>Failed to generate a HTML GPO difference report (Error code 80004003)
- **Cause**: You have installed the AGPM upgrade package with an incorrect account.
- **Solution**: You will need to be an AGPM administrator in order to fix this issue.
- Ensure you know the username & password of your **AGPM service account**.
- Log onto your AGPM server interactively as your AGPM service account.
- This is critically important, as the install will fail if you use a different account.
- Shutdown the AGPM service.
- Install the required hotfix.
- Connect to AGPM using an AGPM client to test that your difference reports are now functioning.
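Review bot: In the Solution steps, "Install the required hotfix" does not say which hotfix or where to get it, so the procedure cannot be followed as written; name the update (KB number or link) and the AGPM versions it applies to. The steps are an ordered procedure and would read better as a numbered list, with "This is critically important..." nested under the logon step it qualifies. Because the fix has the reader log on interactively as the AGPM service account, say whether that logon right has to be granted temporarily and removed afterwards. Small wording fixes: "a HTML" should be "an HTML" in both the heading and the link text, "Shutdown" used as a verb should be "Shut down", and `ms.date: 06/16/2016` looks stale for a file added in this commit.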

View File

@ -73,11 +73,11 @@ When this has been completed, install the App-V 4.5 SP2 Clients by using Setup.m
When installing Microsoft Application Error Reporting, use the following command if you are installing or upgrading to the App-V 4.5 SP2 Desktop Client: When installing Microsoft Application Error Reporting, use the following command if you are installing or upgrading to the App-V 4.5 SP2 Desktop Client:
**    msiexec /i dw20shared.msi APPGUID={C6FC75B9-7D86-4C44-8BDB-EAFE1F0E200D}  allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus** **msiexec /i dw20shared.msi APPGUID={C6FC75B9-7D86-4C44-8BDB-EAFE1F0E200D}  allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus**
Alternatively, if you are installing or upgrading to the App-V 4.5 SP2 Client for Remote Desktop Services (formerly Terminal Services), use the following command: Alternatively, if you are installing or upgrading to the App-V 4.5 SP2 Client for Remote Desktop Services (formerly Terminal Services), use the following command:
**    msiexec /i dw20shared.msi APPGUID={ECF80BBA-CA07-4A74-9ED6-E064F38AF1F5} allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus** **msiexec /i dw20shared.msi APPGUID={ECF80BBA-CA07-4A74-9ED6-E064F38AF1F5} allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus**
**Note**   **Note**  
- The APPGUID parameter references the product code of the App-V Clients that you install or upgrade. The product code is unique for each Setup.msi. You can use the Orca Database Editor or a similar tool to examine Windows Installer files and determine the product code. This step is required for all installations or upgrades to App-V 4.5 SP2. - The APPGUID parameter references the product code of the App-V Clients that you install or upgrade. The product code is unique for each Setup.msi. You can use the Orca Database Editor or a similar tool to examine Windows Installer files and determine the product code. This step is required for all installations or upgrades to App-V 4.5 SP2.
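Review bot: The first command still has two spaces between the closing brace of APPGUID and `allusers=1` while the second has one, and both remain bold text rather than code. Readers copy these lines verbatim, so put each command in a code span or indented code block and normalize the spacing so the braces and GUID survive rendering unchanged.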

View File

@ -156,7 +156,7 @@ Instead of changing the AppFS key FILENAME value every time that a new cache fil
3. On the VDI Master VM Image, open a Command Prompt window by using the **Run as administrator** option and grant remote link permissions so that the VM can access the symbolic link on the VDI Host operating system. By default, remote link permissions are disabled. 3. On the VDI Master VM Image, open a Command Prompt window by using the **Run as administrator** option and grant remote link permissions so that the VM can access the symbolic link on the VDI Host operating system. By default, remote link permissions are disabled.
**     fsutil behavior set SymlinkEvaluation R2R:1** **fsutil behavior set SymlinkEvaluation R2R:1**
**Note**   **Note**  
On the storage server, appropriate link permissions must be enabled. Depending on the location of link and the Sftfs.fsd file, the permissions are **L2L:1** or **L2R:1** or **R2L:1** or **R2R:1**. On the storage server, appropriate link permissions must be enabled. Depending on the location of link and the Sftfs.fsd file, the permissions are **L2L:1** or **L2R:1** or **R2L:1** or **R2R:1**.
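Review bot: The `fsutil behavior set SymlinkEvaluation R2R:1` line is still bold prose rather than code, and the step gives no way to confirm the result even though the text notes that remote link permissions are disabled by default. Format it as code and add a check with `fsutil behavior query SymlinkEvaluation` so the reader can see the state before and after the change. The Note's "location of link" also wants an article ("the link"). The same points apply to the identical change in the second file of this commit.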

View File

@ -167,7 +167,7 @@ Instead of modifying the AppFS key FILENAME value every time that a new cache fi
3. On the VDI Master VM Image, open a Command Prompt window by using the **Run as administrator** option and grant remote link permissions so that the VM can access the symbolic link on the VDI Host operating system. By default, remote link permissions are disabled. 3. On the VDI Master VM Image, open a Command Prompt window by using the **Run as administrator** option and grant remote link permissions so that the VM can access the symbolic link on the VDI Host operating system. By default, remote link permissions are disabled.
**     fsutil behavior set SymlinkEvaluation R2R:1** **fsutil behavior set SymlinkEvaluation R2R:1**
**Note**   **Note**  
On the storage server, appropriate link permissions must be enabled. Depending on the location of link and the Sftfs.fsd file, the permissions are **L2L:1** or **L2R:1** or **R2L:1** or **R2R:1**. On the storage server, appropriate link permissions must be enabled. Depending on the location of link and the Sftfs.fsd file, the permissions are **L2L:1** or **L2R:1** or **R2L:1** or **R2R:1**.

View File

@ -13,52 +13,42 @@ ms.prod: w8
ms.date: 08/30/2016 ms.date: 08/30/2016
--- ---
# How to Manually Install the Application Virtualization Client # How to Manually Install the Application Virtualization Client
There are two types of Application Virtualization Client components: the Application Virtualization Desktop Client, which is designed for installation on desktop computers, and the Application Virtualization Client for Remote Desktop Services (formerly Terminal Services), which you can install on Remote Desktop Session Host (RD Session Host) servers . Although the two client installer programs are different, you can use the following procedure to manually install either the Application Virtualization Desktop Client on a single desktop computer or the Application Virtualization Client for Remote Desktop Services on a single RD Session Host server. In a production environment, you most likely will install the Application Virtualization Desktop Client on multiple desktop computers with an automated scripted installation process. For information about how to install multiple clients by using a scripted installation process, see [How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md). There are two types of Application Virtualization Client components: the Application Virtualization Desktop Client, which is designed for installation on desktop computers, and the Application Virtualization Client for Remote Desktop Services (formerly Terminal Services), which you can install on Remote Desktop Session Host (RD Session Host) servers . Although the two client installer programs are different, you can use the following procedure to manually install either the Application Virtualization Desktop Client on a single desktop computer or the Application Virtualization Client for Remote Desktop Services on a single RD Session Host server. In a production environment, you most likely will install the Application Virtualization Desktop Client on multiple desktop computers with an automated scripted installation process. 
For information about how to install multiple clients by using a scripted installation process, see [How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md).
**Note** **Note**
1. If you are installing the Application Virtualization Client for Remote Desktop Services software on a RD Session Host server, advise users who have an open RDP or ICA client session with the RD Session Host server that they must save their work and close their sessions. In a Remote Desktop session, you can install the client the client manually. For more information about upgrading the client, see [How to Upgrade the Application Virtualization Client](how-to-upgrade-the-application-virtualization-client.md). 1. If you are installing the Application Virtualization Client for Remote Desktop Services software on a RD Session Host server, advise users who have an open RDP or ICA client session with the RD Session Host server that they must save their work and close their sessions. In a Remote Desktop session, you can install the client the client manually. For more information about upgrading the client, see [How to Upgrade the Application Virtualization Client](how-to-upgrade-the-application-virtualization-client.md).
2. If you have any configuration on the users computer that depends on the client install path, note that the Application Virtualization (App-V) 4.5 client uses a different install folder than previous versions. By default, a new install of the Application Virtualization (App-V) 4.5 client will install to the \\Program Files\\Microsoft Application Virtualization Client folder. If an earlier version of the client is already installed, installing the App-V client will perform an upgrade into the existing installation folder.
2. If you have any configuration on the users computer that depends on the client install path, note that the Application Virtualization (App-V) 4.5 client uses a different install folder than previous versions. By default, a new install of the Application Virtualization (App-V) 4.5 client will install to the \\Program Files\\Microsoft Application Virtualization Client folder. If an earlier version of the client is already installed, installing the App-V client will perform an upgrade into the existing installation folder.
**Note** **Note**
For App-V version 4.6 and later, when the App-V client is installed, SFTLDR.DLL is installed in the Windows\\system32 directory. If the App-V client is installed on a 64-bit system, SFTLDR\_WOW64.DLL is installed in the Windows\\SysWOW64 directory. For App-V version 4.6 and later, when the App-V client is installed, SFTLDR.DLL is installed in the Windows\\system32 directory. If the App-V client is installed on a 64-bit system, SFTLDR\_WOW64.DLL is installed in the Windows\\SysWOW64 directory.
**To manually install Application Virtualization Desktop Client** **To manually install Application Virtualization Desktop Client**
1. After you have obtained the correct installer archive file and saved it to your computer, make sure you are logged on with an account having administrator rights on the computer and double-click the file to expand the archive. 1. After you have obtained the correct installer archive file and saved it to your computer, make sure you are logged on with an account having administrator rights on the computer and double-click the file to expand the archive.
2. Choose the folder in which to save the files, and then open the folder after the files have been copied to it. 2. Choose the folder in which to save the files, and then open the folder after the files have been copied to it.
3. Review the Release Notes if appropriate. 3. Review the Release Notes if appropriate.
4. Browse to find the setup.exe file, and double-click setup.exe to start the installation. 4. Browse to find the setup.exe file, and double-click setup.exe to start the installation.
5. The wizard checks the system to ensure that all prerequisite software is installed, and if any of the following are missing, the wizard will automatically prompt you to install them: 5. The wizard checks the system to ensure that all prerequisite software is installed, and if any of the following are missing, the wizard will automatically prompt you to install them:
- Microsoft Visual C++ 2005 SP1 Redistributable Package (x86) - Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)
- Microsoft Core XML Services (MSXML) 6.0 SP1 (x86) - Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)
- Microsoft Application Error Reporting - Microsoft Application Error Reporting
**Note** **Note**
For App-V version 4.6 and later, the wizard will also install Microsoft Visual C++ 2008 SP1 Redistributable Package (x86). For App-V version 4.6 and later, the wizard will also install Microsoft Visual C++ 2008 SP1 Redistributable Package (x86).
For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see <https://go.microsoft.com/fwlink/?LinkId=150700> (https://go.microsoft.com/fwlink/?LinkId=150700). For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see [https://go.microsoft.com/fwlink/?LinkId=150700](https://go.microsoft.com/fwlink/?LinkId=150700).
If prompted, click **Install**. Installation progress is displayed, and the status changes from **Pending** to **Installing**. Installation status changes to **Succeeded** as each step is completed successfully.
~~~
If prompted, click **Install**. Installation progress is displayed, and the status changes from **Pending** to **Installing**. Installation status changes to **Succeeded** as each step is completed successfully.
~~~
6. When the **Microsoft Application Virtualization Desktop Client InstallShield Wizard** is displayed, click **Next**. 6. When the **Microsoft Application Virtualization Desktop Client InstallShield Wizard** is displayed, click **Next**.
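Review bot: Item 1 of the first Note still reads "you can install the client the client manually" on the new side; drop the repeated words while this paragraph is being touched. Also in this hunk: "servers ." has a stray space before the period in the opening paragraph, "users computer" in item 2 needs an apostrophe, and the Visual C++ 2008 link now uses the bare URL as its own link text, where a descriptive label would serve the reader better.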
@ -76,88 +66,66 @@ If prompted, click **Install**. Installation progress is displayed, and the stat
12. On the **Application Virtualization Data Location** screen, click **Next** to accept the default data locations or complete the following actions to change where the data is stored: 12. On the **Application Virtualization Data Location** screen, click **Next** to accept the default data locations or complete the following actions to change where the data is stored:
1. Click **Change**, and then browse to or, in the **Global Data Location** field, enter the destination folder for the global data location, and click **OK**. The Global Data Directory is where the Application Virtualization Desktop Client caches data shared by all users on the computer, like OSD files and SFT file data. 1. Click **Change**, and then browse to or, in the **Global Data Location** field, enter the destination folder for the global data location, and click **OK**. The Global Data Directory is where the Application Virtualization Desktop Client caches data shared by all users on the computer, like OSD files and SFT file data.
2. If you want to change the drive letter to be used, select the preferred drive letter from the drop-down list. 2. If you want to change the drive letter to be used, select the preferred drive letter from the drop-down list.
3. Enter a new path to store the user-specific data in the **User-specific Data Location** field if you want to change the data location. The User Data Directory is where the Application Virtualization Desktop Client stores user-specific information, like personal settings for virtualized applications. 3. Enter a new path to store the user-specific data in the **User-specific Data Location** field if you want to change the data location. The User Data Directory is where the Application Virtualization Desktop Client stores user-specific information, like personal settings for virtualized applications.
**Note** **Note**
This path must be different for every user, so it should include a user-specific environment variable or a mapped drive or something else that will resolve to a unique path for each user. This path must be different for every user, so it should include a user-specific environment variable or a mapped drive or something else that will resolve to a unique path for each user.
4. When you have finished making the changes, click **Next**.
4. When you have finished making the changes, click **Next**.
13. On the **Cache Size Settings** screen, you can accept or change the default cache size. Click one of the following radio buttons to choose how to manage the cache space: 13. On the **Cache Size Settings** screen, you can accept or change the default cache size. Click one of the following radio buttons to choose how to manage the cache space:
1. **Use maximum cache size**. Enter a numeric value from 1001,048,576 (1 TB) in the **Maximum size (MB)** field to specify the maximum size of the cache. 1. **Use maximum cache size**. Enter a numeric value from 1001,048,576 (1 TB) in the **Maximum size (MB)** field to specify the maximum size of the cache.
2. **Use free disk space threshold**. Enter a numeric value to specify the amount of free disk space, in MB, that the Application Virtualization Client must leave available on the disk. This allows the cache to grow until the amount of free disk space reaches this limit. The value shown in **Free disk space remaining** indicates how much disk space is currently unused. 2. **Use free disk space threshold**. Enter a numeric value to specify the amount of free disk space, in MB, that the Application Virtualization Client must leave available on the disk. This allows the cache to grow until the amount of free disk space reaches this limit. The value shown in **Free disk space remaining** indicates how much disk space is currently unused.
**Important** **Important**
To ensure that the cache has sufficient space allocated for all packages that might be deployed, use the **Use free disk space threshold** setting when you configure the client so that the cache can grow as needed. Alternatively, determine in advance how much disk space will be needed for the App-V cache, and at installation time, set the cache size accordingly. For more information about the cache space management feature, in the Microsoft Application Virtualization (App-V) Operations Guide, see **How to Use the Cache Space Management Feature**. To ensure that the cache has sufficient space allocated for all packages that might be deployed, use the **Use free disk space threshold** setting when you configure the client so that the cache can grow as needed. Alternatively, determine in advance how much disk space will be needed for the App-V cache, and at installation time, set the cache size accordingly. For more information about the cache space management feature, in the Microsoft Application Virtualization (App-V) Operations Guide, see **How to Use the Cache Space Management Feature**.
Click **Next** to continue.
~~~
Click **Next** to continue.
~~~
14. In the following sections of the **Runtime Package Policy Configuration** screen, you can change the parameters that affect how the Application Virtualization client behaves during runtime: 14. In the following sections of the **Runtime Package Policy Configuration** screen, you can change the parameters that affect how the Application Virtualization client behaves during runtime:
1. **Application Source Root**. Specifies the location of SFT files. If used, overrides the protocol, server, and port portions of the CODEBASE HREF URL in the OSD file. 1. **Application Source Root**. Specifies the location of SFT files. If used, overrides the protocol, server, and port portions of the CODEBASE HREF URL in the OSD file.
2. **Application Authorization**. When **Require User authorization even when cached** is checked, users are required to connect to a server and validate their credentials at least once before they are allowed to start each virtual application. 2. **Application Authorization**. When **Require User authorization even when cached** is checked, users are required to connect to a server and validate their credentials at least once before they are allowed to start each virtual application.
3. **Allow streaming from file**. Indicates whether streaming from file will be enabled, regardless of how the **Application Source Root** field is used. If not checked, streaming from files is disabled. This must be checked if **Application Source Root** contains a UNC path in the form \\\\server\\share. 3. **Allow streaming from file**. Indicates whether streaming from file will be enabled, regardless of how the **Application Source Root** field is used. If not checked, streaming from files is disabled. This must be checked if **Application Source Root** contains a UNC path in the form \\\\server\\share.
4. **Automatically Load Application**. Controls when and how automatic background loading of applications occurs. 4. **Automatically Load Application**. Controls when and how automatic background loading of applications occurs.
**Note** **Note**
When you install the App-V client to use with a read-only cache, for example, with a VDI server implementation, set **What applications to Auto Load** to **Do not automatically load applications** to prevent the client from trying to update applications in the read-only cache. When you install the App-V client to use with a read-only cache, for example, with a VDI server implementation, set **What applications to Auto Load** to **Do not automatically load applications** to prevent the client from trying to update applications in the read-only cache.
Click **Next** to continue.
~~~
Click **Next** to continue.
~~~
15. On the **Publishing Server** screen, select the **Set up a Publishing Server now** check box if you want to define a publishing server, or click **Next** if you want to complete this later. To define a publishing server, specify the following information: 15. On the **Publishing Server** screen, select the **Set up a Publishing Server now** check box if you want to define a publishing server, or click **Next** if you want to complete this later. To define a publishing server, specify the following information:
1. **Display Name**—Enter the name you want to display for the server. 1. **Display Name**—Enter the name you want to display for the server.
2. **Type**—Select the server type from the drop-down list of server types. 2. **Type**—Select the server type from the drop-down list of server types.
3. **Host Name** and **Port**—Enter the host name and the port in the corresponding fields. When you select a server type in the drop-down list, the port field will automatically fill with the standard port numbers. To change a port number, click the server type in the list and change the port number according to your needs. 3. **Host Name** and **Port**—Enter the host name and the port in the corresponding fields. When you select a server type in the drop-down list, the port field will automatically fill with the standard port numbers. To change a port number, click the server type in the list and change the port number according to your needs.
4. **Path**—If you have selected either **Standard HTTP Server** or **Enhanced Security HTTP Server**, you must enter the complete path to the XML file containing publishing data in this field. If you select either **Application Virtualization Server** or **Enhanced Security Application Virtualization Server**, this field is not active. 4. **Path**—If you have selected either **Standard HTTP Server** or **Enhanced Security HTTP Server**, you must enter the complete path to the XML file containing publishing data in this field. If you select either **Application Virtualization Server** or **Enhanced Security Application Virtualization Server**, this field is not active.
5. **Automatically contact this server to update settings when a user logs in**—Select this check box if you want this server to be queried automatically when users log in to their account on the Application Virtualization Client. 5. **Automatically contact this server to update settings when a user logs in**—Select this check box if you want this server to be queried automatically when users log in to their account on the Application Virtualization Client.
6. When finished with the configuration steps, click **Next**. 6. When finished with the configuration steps, click **Next**.
16. On the **Ready to Install the Program** screen, click **Install**. A screen is displayed that shows the progress of the installation. 16. On the **Ready to Install the Program** screen, click **Install**. A screen is displayed that shows the progress of the installation.
17. On the **Install Wizard Completed** screen, click **Finish**. 17. On the **Install Wizard Completed** screen, click **Finish**.
**Note** **Note**
If the installation fails for any reason, you might need to restart the computer before trying the install again. If the installation fails for any reason, you might need to restart the computer before trying the install again.
## Related topics ## Related topics
[How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md) [How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md)
[Stand-Alone Delivery Scenario Overview](stand-alone-delivery-scenario-overview.md) [Stand-Alone Delivery Scenario Overview](stand-alone-delivery-scenario-overview.md)

View File

@ -1,7 +1,7 @@
--- ---
title: Application Virtualization 4 title: Application Virtualization 4
description: Application Virtualization 4 description: Application Virtualization 4
author: jamiejdt author: dansimp
ms.assetid: 9da557bc-f433-47d3-8af7-68ec4ff9bd3f ms.assetid: 9da557bc-f433-47d3-8af7-68ec4ff9bd3f
ms.pagetype: mdop, appcompat, virtualization ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy ms.mktglfcycl: deploy

View File

@ -76,7 +76,7 @@ This section is divided into two parts: (1) features in all versions of App-V an
Microsoft Error Reporting provides a service that allows you to report problems you may be having with App-V to Microsoft and to receive information that may help you avoid or solve such problems. Microsoft Error Reporting provides a service that allows you to report problems you may be having with App-V to Microsoft and to receive information that may help you avoid or solve such problems.
**Information Collected, Processed, or Transmitted: ** **Information Collected, Processed, or Transmitted:**
For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at <https://go.microsoft.com/fwlink/?linkid=50293>. For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at <https://go.microsoft.com/fwlink/?linkid=50293>.
@ -84,7 +84,7 @@ For information about the information collected, processed, or transmitted by Mi
We use the error reporting data to solve customer problems and improve our software and services. We use the error reporting data to solve customer problems and improve our software and services.
**Choice/Control: ** **Choice/Control:**
App-V does not change your Microsoft Error Reporting settings. If you previously turned on error reporting, it will send Microsoft the information about the errors you encountered. When Microsoft needs additional data to analyze the problem, you will be prompted to review the data and choose whether or not to send it.  App-V will always respect your Microsoft Error Reporting settings. App-V does not change your Microsoft Error Reporting settings. If you previously turned on error reporting, it will send Microsoft the information about the errors you encountered. When Microsoft needs additional data to analyze the problem, you will be prompted to review the data and choose whether or not to send it.  App-V will always respect your Microsoft Error Reporting settings.
@ -98,7 +98,7 @@ Enterprise customers can use Group Policy to configure how Microsoft Error Repor
Microsoft Update is a service that provides Windows updates as well as updates for other Microsoft software, including App-V.  For details about what information is collected, how it is used and how to change your settings, see the Update Services Privacy Statement at <https://go.microsoft.com/fwlink/?linkid=50142>. Microsoft Update is a service that provides Windows updates as well as updates for other Microsoft software, including App-V.  For details about what information is collected, how it is used and how to change your settings, see the Update Services Privacy Statement at <https://go.microsoft.com/fwlink/?linkid=50142>.
**Choice/Control: ** **Choice/Control:**
If Microsoft Update is not enabled, you can opt-in during setup and subsequent checks for updates will follow the machine-wide schedule. You can update this option from the Microsoft Update Control Panel item. If Microsoft Update is not enabled, you can opt-in during setup and subsequent checks for updates will follow the machine-wide schedule. You can update this option from the Microsoft Update Control Panel item.
@ -108,7 +108,7 @@ If Microsoft Update is not enabled, you can opt-in during setup and subsequent c
The product will collect various configuration items, including UserID, MachineID and SecurityGroup details, to be able to enforce settings on managed nodes. The data is stored in the App-V SQL database and transmitted across the App-V server and client components to enforce the configuration on the managed node. The product will collect various configuration items, including UserID, MachineID and SecurityGroup details, to be able to enforce settings on managed nodes. The data is stored in the App-V SQL database and transmitted across the App-V server and client components to enforce the configuration on the managed node.
**Information Collected, Processed, or Transmitted: ** **Information Collected, Processed, or Transmitted:**
User and machine information and configuration content User and machine information and configuration content
@ -116,7 +116,7 @@ User and machine information and configuration content
The information is used to enforce the application access configuration on the managed nodes within the enterprise. The information does not leave the enterprise. The information is used to enforce the application access configuration on the managed nodes within the enterprise. The information does not leave the enterprise.
**Choice/Control: ** **Choice/Control:**
By default, the product does not have any data. All data is entered and enabled by the admin and can be viewed in the Management console. The feature cannot be disabled as this is the product functionality. To disable this, App-V will need to be uninstalled. By default, the product does not have any data. All data is entered and enabled by the admin and can be viewed in the Management console. The feature cannot be disabled as this is the product functionality. To disable this, App-V will need to be uninstalled.
@ -130,7 +130,7 @@ None of this information is sent out of the enterprise.
It captures package history and asset information as part of the package. It captures package history and asset information as part of the package.
**Information Collected, Processed, or Transmitted: ** **Information Collected, Processed, or Transmitted:**
Information about the package and the sequencing environment is collected and stored in the package manifest during sequencing. Information about the package and the sequencing environment is collected and stored in the package manifest during sequencing.
@ -138,7 +138,7 @@ Information about the package and the sequencing environment is collected and st
The information will be used by the admin to track the updates done to a package during its lifecycle. It will also be used by software deployment systems to track the package deployments within the organization. The information will be used by the admin to track the updates done to a package during its lifecycle. It will also be used by software deployment systems to track the package deployments within the organization.
**Choice/Control: ** **Choice/Control:**
This feature is always enabled and cannot be turned off. This feature is always enabled and cannot be turned off.
@ -152,7 +152,7 @@ This administrator information will be stored in the package and can be viewed b
The product will collect a variety of reporting data points, including the username, to allow reporting on the usage of the product. The product will collect a variety of reporting data points, including the username, to allow reporting on the usage of the product.
**Information Collected, Processed, or Transmitted: ** **Information Collected, Processed, or Transmitted:**
Information about the machine, package and application usage are collected from every machine that reporting is enabled on. Information about the machine, package and application usage are collected from every machine that reporting is enabled on.
@ -160,7 +160,7 @@ Information about the machine, package and application usage are collected from
The information is used to report on application usage within the enterprise. The information does not leave the enterprise. The information is used to report on application usage within the enterprise. The information does not leave the enterprise.
**Choice/Control: ** **Choice/Control:**
By default, the product does not have any data. Data is only collected once the reporting feature is enabled on the App-V Client. To disable the collection of reporting data, the reporting feature must be disabled on all clients. By default, the product does not have any data. Data is only collected once the reporting feature is enabled on the App-V Client. To disable the collection of reporting data, the reporting feature must be disabled on all clients.
@ -178,7 +178,7 @@ This section addresses specific features available in App-V 4.6 SP1 and later.
The Customer Experience Improvement Program (“CEIP”) collects basic information about your hardware configuration and how you use our software and services in order to identify trends and usage patterns. CEIP also collects the type and number of errors you encounter, software and hardware performance, and the speed of services. We will not collect your name, address, or other contact information. The Customer Experience Improvement Program (“CEIP”) collects basic information about your hardware configuration and how you use our software and services in order to identify trends and usage patterns. CEIP also collects the type and number of errors you encounter, software and hardware performance, and the speed of services. We will not collect your name, address, or other contact information.
**Information Collected, Processed, or Transmitted: ** **Information Collected, Processed, or Transmitted:**
For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement at <https://go.microsoft.com/fwlink/?LinkID=52097>. For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement at <https://go.microsoft.com/fwlink/?LinkID=52097>.
@ -186,7 +186,7 @@ For more information about the information collected, processed, or transmitted
We use this information to improve the quality, reliability, and performance of Microsoft software and services. We use this information to improve the quality, reliability, and performance of Microsoft software and services.
**Choice/Control: ** **Choice/Control:**
CEIP is optional and the opt-in status can be updated during install or post install from the GUI.   CEIP is optional and the opt-in status can be updated during install or post install from the GUI.  
@ -196,7 +196,7 @@ CEIP is optional and the opt-in status can be updated during install or post ins
Customers can use Application Package Accelerators to automatically package complex applications without installing the application. The App-V sequencer allows you to create package accelerators for each virtual package. You can then use these package accelerators to automatically re-create the same virtual package in the future. You may also use package accelerators released by Microsoft or other third parties to simplify and automate packaging of complex applications. Customers can use Application Package Accelerators to automatically package complex applications without installing the application. The App-V sequencer allows you to create package accelerators for each virtual package. You can then use these package accelerators to automatically re-create the same virtual package in the future. You may also use package accelerators released by Microsoft or other third parties to simplify and automate packaging of complex applications.
**Information Collected, Processed, or Transmitted: ** **Information Collected, Processed, or Transmitted:**
Application Package Accelerators may contain information such as computer names, user account information, and information about applications included in the Package Accelerator file. Application Package Accelerators may contain information such as computer names, user account information, and information about applications included in the Package Accelerator file.

View File

@ -34,7 +34,7 @@ By default, at installation the App-V client is configured with the minimum perm
By default, the installation of the client registers file type associations (FTAs) for OSD files, which enables users to start applications directly from OSD files instead of the published shortcuts. If a user with local administrator rights receives an OSD file containing malicious code, either in e-mail or downloaded from a Web site, the user can open the OSD file and start the application even if the client has been set to restrict the **Add Application** permission. You can unregister the FTAs for the OSD to reduce this risk. Also, consider blocking this extension in the e-mail system and at the firewall. For more information about configuring Outlook to block extensions, see <https://go.microsoft.com/fwlink/?LinkId=133278>. By default, the installation of the client registers file type associations (FTAs) for OSD files, which enables users to start applications directly from OSD files instead of the published shortcuts. If a user with local administrator rights receives an OSD file containing malicious code, either in e-mail or downloaded from a Web site, the user can open the OSD file and start the application even if the client has been set to restrict the **Add Application** permission. You can unregister the FTAs for the OSD to reduce this risk. Also, consider blocking this extension in the e-mail system and at the firewall. For more information about configuring Outlook to block extensions, see <https://go.microsoft.com/fwlink/?LinkId=133278>.
**Security Note:  ** **Security Note:**
Starting with App-V version 4.6, the file type association is no longer created for OSD files during a new installation of the client, although the existing settings will be maintained during an upgrade from version 4.2 or 4.5 of the App-V client. If for any reason it is essential to create the file type association, you can create the following registry keys and set their values as shown: Starting with App-V version 4.6, the file type association is no longer created for OSD files during a new installation of the client, although the existing settings will be maintained during an upgrade from version 4.2 or 4.5 of the App-V client. If for any reason it is essential to create the file type association, you can create the following registry keys and set their values as shown:
@ -50,7 +50,7 @@ During installation, you can use the **RequireAuthorizationIfCached** parameter
Antivirus software running on an App-V Client computer can detect and report an infected file in the virtual environment. However, it cannot disinfect the file. If a virus is detected in the virtual environment, the antivirus software would perform the configured quarantine or repair operation in the cache, not in the actual package. Configure the antivirus software with an exception for the sftfs.fsd file. This file is the cache file that stores packages on the App-V Client. Antivirus software running on an App-V Client computer can detect and report an infected file in the virtual environment. However, it cannot disinfect the file. If a virus is detected in the virtual environment, the antivirus software would perform the configured quarantine or repair operation in the cache, not in the actual package. Configure the antivirus software with an exception for the sftfs.fsd file. This file is the cache file that stores packages on the App-V Client.
**Security Note:  ** **Security Note:**
If a virus is detected in an application or package deployed in the production environment, replace the application or package with a virus-free version. If a virus is detected in an application or package deployed in the production environment, replace the application or package with a virus-free version.

View File

@ -21,7 +21,7 @@ Microsoft Application Virtualization 4.5 provides the following enhanced securi
- Application Virtualization now supports Transport Layer Security (TLS) using X.509 V3 certificates. Provided that a server certificate has been provisioned to the planned Application Virtualization Management or Streaming Server, the installation will default to secure, using the RTSPS protocol over port 322. Using RTSPS ensures that communication between the Application Virtualization Servers and the Application Virtualization Clients is signed and encrypted. If no certificate is assigned to the server during the Application Virtualization Server installation, the communication will be set to RTSP over port 554. - Application Virtualization now supports Transport Layer Security (TLS) using X.509 V3 certificates. Provided that a server certificate has been provisioned to the planned Application Virtualization Management or Streaming Server, the installation will default to secure, using the RTSPS protocol over port 322. Using RTSPS ensures that communication between the Application Virtualization Servers and the Application Virtualization Clients is signed and encrypted. If no certificate is assigned to the server during the Application Virtualization Server installation, the communication will be set to RTSP over port 554.
**Security Note:  ** **Security Note:**
To help provide a secure setup of the server, you must make sure that RTSP ports are disabled even if you have all packages configured to use RTSPS. To help provide a secure setup of the server, you must make sure that RTSP ports are disabled even if you have all packages configured to use RTSPS.

View File

@ -1,7 +1,7 @@
--- ---
title: Application Virtualization 5 title: Application Virtualization 5
description: Application Virtualization 5 description: Application Virtualization 5
author: jamiejdt author: dansimp
ms.assetid: e82eb44b-9ccd-41aa-923b-71400230ad23 ms.assetid: e82eb44b-9ccd-41aa-923b-71400230ad23
ms.pagetype: mdop, appcompat, virtualization ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
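Review bot: Only `author` moves from jamiejdt to dansimp in this front matter, and the visible lines show no `ms.author` or `manager` field. Other files in this commit get `manager: dansimp` on its own line. If this file carries `ms.author` below the context shown, update it in the same change so the two ownership fields do not point at different people.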

View File

@ -1,7 +1,7 @@
--- ---
title: Diagnostics and Recovery Toolset 10 title: Diagnostics and Recovery Toolset 10
description: Diagnostics and Recovery Toolset 10 description: Diagnostics and Recovery Toolset 10
author: jamiejdt author: dansimp
ms.assetid: 64403eca-ff05-4327-ac33-bdcc96e706c8 ms.assetid: 64403eca-ff05-4327-ac33-bdcc96e706c8
ms.pagetype: mdop ms.pagetype: mdop
ms.mktglfcycl: support ms.mktglfcycl: support

View File

@ -1,7 +1,7 @@
--- ---
title: Diagnostics and Recovery Toolset 7 Administrator's Guide title: Diagnostics and Recovery Toolset 7 Administrator's Guide
description: Diagnostics and Recovery Toolset 7 Administrator's Guide description: Diagnostics and Recovery Toolset 7 Administrator's Guide
author: jamiejdt author: dansimp
ms.assetid: bf89eccd-fc03-48ff-9019-a8640e11dd99 ms.assetid: bf89eccd-fc03-48ff-9019-a8640e11dd99
ms.pagetype: mdop ms.pagetype: mdop
ms.mktglfcycl: support ms.mktglfcycl: support

View File

@ -1,7 +1,7 @@
--- ---
title: Diagnostics and Recovery Toolset 8 Administrator's Guide title: Diagnostics and Recovery Toolset 8 Administrator's Guide
description: Diagnostics and Recovery Toolset 8 Administrator's Guide description: Diagnostics and Recovery Toolset 8 Administrator's Guide
author: jamiejdt author: dansimp
ms.assetid: 33685dd7-844f-4864-b504-3ef384ef01de ms.assetid: 33685dd7-844f-4864-b504-3ef384ef01de
ms.pagetype: mdop ms.pagetype: mdop
ms.mktglfcycl: support ms.mktglfcycl: support

View File

@ -2,7 +2,7 @@
title: MDOP Information Experience title: MDOP Information Experience
description: MDOP Information Experience description: MDOP Information Experience
ms.assetid: 12b8ab56-3267-450d-bb22-1c7e44cb8e52 ms.assetid: 12b8ab56-3267-450d-bb22-1c7e44cb8e52
author: jamiejdt author: dansimp
ms.pagetype: mdop ms.pagetype: mdop
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library

View File

@ -1,7 +1,7 @@
--- ---
title: Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide title: Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide
description: Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide description: Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide
author: jamiejdt author: dansimp
ms.assetid: 4086e721-db24-4439-bdcd-ac5ef901811f ms.assetid: 4086e721-db24-4439-bdcd-ac5ef901811f
ms.pagetype: mdop, security ms.pagetype: mdop, security
ms.mktglfcycl: manage ms.mktglfcycl: manage
@ -10,46 +10,36 @@ ms.prod: w8
ms.date: 04/19/2017 ms.date: 04/19/2017
--- ---
# Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide # Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide
Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface that you can use to manage BitLocker drive encryption. With MBAM, you can select BitLocker encryption policy options that are appropriate to your enterprise and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the entire enterprise. In addition, you can access recovery key information when users forget their PIN or password, or when their BIOS or boot record changes. Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface that you can use to manage BitLocker drive encryption. With MBAM, you can select BitLocker encryption policy options that are appropriate to your enterprise and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the entire enterprise. In addition, you can access recovery key information when users forget their PIN or password, or when their BIOS or boot record changes.
<a href="" id="getting-started-with-mbam-1-0"></a>[Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) - [Getting Started with MBAM 1.0](getting-started-with-mbam-10.md)
- [About MBAM 1.0](about-mbam-10.md)
[About MBAM 1.0](about-mbam-10.md)**|**[Evaluating MBAM 1.0](evaluating-mbam-10.md)**|**[High Level Architecture for MBAM 1.0](high-level-architecture-for-mbam-10.md)**|**[Accessibility for MBAM 1.0](accessibility-for-mbam-10.md)**|**[Privacy Statement for MBAM 1.0](privacy-statement-for-mbam-10.md) - [Release Notes for MBAM 1.0](release-notes-for-mbam-10.md)
- [Evaluating MBAM 1.0](evaluating-mbam-10.md)
<a href="" id="planning-for-mbam-1-0"></a>[Planning for MBAM 1.0](planning-for-mbam-10.md) - [High Level Architecture for MBAM 1.0](high-level-architecture-for-mbam-10.md)
- [Accessibility for MBAM 1.0](accessibility-for-mbam-10.md)
[Preparing your Environment for MBAM 1.0](preparing-your-environment-for-mbam-10.md)**|**[MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md)**|**[Planning to Deploy MBAM 1.0](planning-to-deploy-mbam-10.md)**|**[MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md)**|**[MBAM 1.0 Planning Checklist](mbam-10-planning-checklist.md) - [Privacy Statement for MBAM 1.0](privacy-statement-for-mbam-10.md)
- [Planning for MBAM 1.0](planning-for-mbam-10.md)
<a href="" id="deploying-mbam-1-0"></a>[Deploying MBAM 1.0](deploying-mbam-10.md) - [Preparing your Environment for MBAM 1.0](preparing-your-environment-for-mbam-10.md)
- [MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md)
[Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md)**|**[Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md)**|**[Deploying the MBAM 1.0 Client](deploying-the-mbam-10-client.md)**|**[Deploying the MBAM 1.0 Language Release Update](deploying-the-mbam-10-language-release-update.md)**|**[MBAM 1.0 Deployment Checklist](mbam-10-deployment-checklist.md) - [Planning to Deploy MBAM 1.0](planning-to-deploy-mbam-10.md)
- [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md)
<a href="" id="operations-for-mbam-1-0"></a>[Operations for MBAM 1.0](operations-for-mbam-10.md) - [MBAM 1.0 Planning Checklist](mbam-10-planning-checklist.md)
- [Deploying MBAM 1.0](deploying-mbam-10.md)
[Administering MBAM 1.0 Features](administering-mbam-10-features.md)**|**[Monitoring and Reporting BitLocker Compliance with MBAM 1.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md)**|**[Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md)**|**[Administering MBAM 1.0 by Using PowerShell](administering-mbam-10-by-using-powershell.md) - [Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md)
- [Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md)
<a href="" id="troubleshooting-mbam-1-0"></a>[Troubleshooting MBAM 1.0](troubleshooting-mbam-10.md) - [Deploying the MBAM 1.0 Client](deploying-the-mbam-10-client.md)
- [Deploying the MBAM 1.0 Language Release Update](deploying-the-mbam-10-language-release-update.md)
### More Information - [MBAM 1.0 Deployment Checklist](mbam-10-deployment-checklist.md)
- [Operations for MBAM 1.0](operations-for-mbam-10.md)
<a href="" id="release-notes-for-mbam-1-0"></a>[Release Notes for MBAM 1.0](release-notes-for-mbam-10.md) - [Administering MBAM 1.0 Features](administering-mbam-10-features.md)
View updated product information and known issues for MBAM 1.0. - [Monitoring and Reporting BitLocker Compliance with MBAM 1.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md)
- [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md)
<a href="" id="mdop-techcenter-page"></a>[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286) - [Administering MBAM 1.0 by Using PowerShell](administering-mbam-10-by-using-powershell.md)
Learn about the latest MDOP information and resources. - [Troubleshooting MBAM 1.0](troubleshooting-mbam-10.md)
<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
 
 
## More Information
- [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
Find documentation, videos, and other resources for MDOP technologies.
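Review bot: The rewritten outline drops every `<a href="" id="...">` anchor (for example `id="getting-started-with-mbam-1-0"` and `id="planning-for-mbam-1-0"`), so any existing link that targets those fragment ids on this page will stop resolving. Check for inbound references before merging, or keep the ids on the new list items. The "More Information" section also loses the MDOP TechCenter link and the feedback mailto along with the Facebook and Twitter links. If that removal is intentional, it is worth saying so in the commit message, because the hunk otherwise reads as a pure layout change.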

View File

@ -1,7 +1,7 @@
--- ---
title: Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide title: Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide
description: Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide description: Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide
author: jamiejdt author: dansimp
ms.assetid: fdb43f62-960a-4811-8802-50efdf04b4af ms.assetid: fdb43f62-960a-4811-8802-50efdf04b4af
ms.pagetype: mdop, security ms.pagetype: mdop, security
ms.mktglfcycl: manage ms.mktglfcycl: manage
@ -10,43 +10,47 @@ ms.prod: w8
ms.date: 04/19/2017 ms.date: 04/19/2017
--- ---
# Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide # Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide
Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 provides a simplified administrative interface that you can use to manage BitLocker drive encryption. In BitLocker Administration and Monitoring 2.0, you can select BitLocker drive encryption policy options that are appropriate for your enterprise, and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the enterprise as a whole. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes. Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 provides a simplified administrative interface that you can use to manage BitLocker drive encryption. In BitLocker Administration and Monitoring 2.0, you can select BitLocker drive encryption policy options that are appropriate for your enterprise, and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the enterprise as a whole. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes.
<a href="" id="getting-started-with-mbam-2-0"></a>[Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md) ## Outline
[About MBAM 2.0](about-mbam-20-mbam-2.md)**|**[Release Notes for MBAM 2.0](release-notes-for-mbam-20-mbam-2.md)**|**[About MBAM 2.0 SP1](about-mbam-20-sp1.md)**|**[Release Notes for MBAM 2.0 SP1](release-notes-for-mbam-20-sp1.md)**|**[Evaluating MBAM 2.0](evaluating-mbam-20-mbam-2.md)**|**[High-Level Architecture for MBAM 2.0](high-level-architecture-for-mbam-20-mbam-2.md)**|**[Accessibility for MBAM 2.0](accessibility-for-mbam-20-mbam-2.md) - [Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md)
- [About MBAM 2.0](about-mbam-20-mbam-2.md)
- [Release Notes for MBAM 2.0](release-notes-for-mbam-20-mbam-2.md)
- [About MBAM 2.0 SP1](about-mbam-20-sp1.md)
- [Release Notes for MBAM 2.0 SP1](release-notes-for-mbam-20-sp1.md)
- [Evaluating MBAM 2.0](evaluating-mbam-20-mbam-2.md)
- [High-Level Architecture for MBAM 2.0](high-level-architecture-for-mbam-20-mbam-2.md)
- [Accessibility for MBAM 2.0](accessibility-for-mbam-20-mbam-2.md)
- [Planning for MBAM 2.0](planning-for-mbam-20-mbam-2.md)
- [Preparing your Environment for MBAM 2.0](preparing-your-environment-for-mbam-20-mbam-2.md)
- [MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md)
- [Planning to Deploy MBAM 2.0](planning-to-deploy-mbam-20-mbam-2.md)
- [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md)
- [MBAM 2.0 Planning Checklist](mbam-20-planning-checklist-mbam-2.md)
- [Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md)
- [Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md)
- [Deploying MBAM 2.0 Group Policy Objects](deploying-mbam-20-group-policy-objects-mbam-2.md)
- [Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md)
- [MBAM 2.0 Deployment Checklist](mbam-20-deployment-checklist-mbam-2.md)
- [Upgrading from Previous Versions of MBAM](upgrading-from-previous-versions-of-mbam.md)
- [Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md)
- [Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md)
- [Administering MBAM 2.0 Features](administering-mbam-20-features-mbam-2.md)
- [Monitoring and Reporting BitLocker Compliance with MBAM 2.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md)
- [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md)
- [Maintaining MBAM 2.0](maintaining-mbam-20-mbam-2.md)
- [Security and Privacy for MBAM 2.0](security-and-privacy-for-mbam-20-mbam-2.md)
- [Administering MBAM 2.0 Using PowerShell](administering-mbam-20-using-powershell-mbam-2.md)
- [Troubleshooting MBAM 2.0](troubleshooting-mbam-20-mbam-2.md)
<a href="" id="planning-for-mbam-2-0"></a>[Planning for MBAM 2.0](planning-for-mbam-20-mbam-2.md) ## More Information
[Preparing your Environment for MBAM 2.0](preparing-your-environment-for-mbam-20-mbam-2.md)**|**[MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md)**|**[Planning to Deploy MBAM 2.0](planning-to-deploy-mbam-20-mbam-2.md)**|**[MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md)**|**[MBAM 2.0 Planning Checklist](mbam-20-planning-checklist-mbam-2.md) - [MDOP Information Experience](index.md)
<a href="" id="deploying-mbam-2-0"></a>[Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md) Find documentation, videos, and other resources for MDOP technologies.
[Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md)**|**[Deploying MBAM 2.0 Group Policy Objects](deploying-mbam-20-group-policy-objects-mbam-2.md)**|**[Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md)**|**[MBAM 2.0 Deployment Checklist](mbam-20-deployment-checklist-mbam-2.md)**|**[Upgrading from Previous Versions of MBAM](upgrading-from-previous-versions-of-mbam.md)
<a href="" id="operations-for-mbam-2-0"></a>[Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md)
[Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md)**|**[Administering MBAM 2.0 Features](administering-mbam-20-features-mbam-2.md)**|**[Monitoring and Reporting BitLocker Compliance with MBAM 2.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md)**|**[Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md)**|**[Maintaining MBAM 2.0](maintaining-mbam-20-mbam-2.md)**|**[Security and Privacy for MBAM 2.0](security-and-privacy-for-mbam-20-mbam-2.md)**|** [Administering MBAM 2.0 Using PowerShell](administering-mbam-20-using-powershell-mbam-2.md)
<a href="" id="troubleshooting-mbam-2-0"></a>[Troubleshooting MBAM 2.0](troubleshooting-mbam-20-mbam-2.md)
### More Information
- [Release Notes for MBAM 2.0](release-notes-for-mbam-20-mbam-2.md)
View updated product information and known issues for MBAM 2.0.
- [MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286)
Learn about the latest MDOP information and resources.
- [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
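Review bot: This guide gains a "## Outline" heading above the list, while the MBAM 1 guide rewritten in the same commit puts its list directly under the intro paragraph with no heading. The MDOP Information Experience entry also becomes a relative link to `index.md` here, but the MBAM 1 guide keeps the go.microsoft.com/fwlink/p/?LinkId=236032 URL. Use one form for both guides so the two pages stay parallel, and confirm that `index.md` resolves from this file's directory.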
   

View File

@ -19,7 +19,7 @@ author: shortpatti
This topic describes the process for applying the hotfixes for Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1 This topic describes the process for applying the hotfixes for Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1
### Before you begin, download the latest hotfix of Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1 ### Before you begin, download the latest hotfix of Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1
[Desktop Optimization Pack](https://www.microsoft.com/en-us/download/details.aspx?id=57157) [Desktop Optimization Pack](https://www.microsoft.com/en-us/download/details.aspx?id=58345)
#### Steps to update the MBAM Server for existing MBAM environment #### Steps to update the MBAM Server for existing MBAM environment
1. Remove MBAM server feature (do this by opening the MBAM Server Configuration Tool, then selecting Remove Features). 1. Remove MBAM server feature (do this by opening the MBAM Server Configuration Tool, then selecting Remove Features).
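Review bot: on the download line, the link target moves from id=57157 to id=58345 but the link text is still the generic "Desktop Optimization Pack", so a reader cannot tell which hotfix release the heading's "latest hotfix" refers to. Name the release or KB number in the link text so an administrator can confirm the package before removing server features in step 1. The introductory sentence above it also ends without a period.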

View File

@ -1,7 +1,7 @@
--- ---
title: Microsoft BitLocker Administration and Monitoring 2.5 title: Microsoft BitLocker Administration and Monitoring 2.5
description: Microsoft BitLocker Administration and Monitoring 2.5 description: Microsoft BitLocker Administration and Monitoring 2.5
author: jamiejdt author: dansimp
ms.assetid: fd81d7de-b166-47e8-b6c7-d984830762b6 ms.assetid: fd81d7de-b166-47e8-b6c7-d984830762b6
ms.pagetype: mdop, security ms.pagetype: mdop, security
ms.mktglfcycl: manage ms.mktglfcycl: manage
@ -10,67 +10,61 @@ ms.prod: w10
ms.date: 04/19/2017 ms.date: 04/19/2017
--- ---
# Microsoft BitLocker Administration and Monitoring 2.5 # Microsoft BitLocker Administration and Monitoring 2.5
Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 provides a simplified administrative interface that you can use to manage BitLocker Drive Encryption. You configure MBAM Group Policy Templates that enable you to set BitLocker Drive Encryption policy options that are appropriate for your enterprise, and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the enterprise as a whole. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes. For a more detailed description of MBAM, see [About MBAM 2.5](about-mbam-25.md). Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 provides a simplified administrative interface that you can use to manage BitLocker Drive Encryption. You configure MBAM Group Policy Templates that enable you to set BitLocker Drive Encryption policy options that are appropriate for your enterprise, and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the enterprise as a whole. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes. For a more detailed description of MBAM, see [About MBAM 2.5](about-mbam-25.md).
To get the MBAM software, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). To obtain MBAM, see [How Do I Get MDOP](index.md#how-to-get-mdop).
<a href="" id="getting-started-with-mbam-2-5"></a>[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) ## Outline
[About MBAM 2.5](about-mbam-25.md)**|**[Release Notes for MBAM 2.5](release-notes-for-mbam-25.md)**|**[About MBAM 2.5 SP1](about-mbam-25-sp1.md)**|**[Release Notes for MBAM 2.5 SP1](release-notes-for-mbam-25-sp1.md)**|**[Evaluating MBAM 2.5 in a Test Environment](evaluating-mbam-25-in-a-test-environment.md)**|**[High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md)**|**[Accessibility for MBAM 2.5](accessibility-for-mbam-25.md) - <a href="" id="getting-started-with-mbam-2-5"></a>[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md)
- [About MBAM 2.5](about-mbam-25.md)
- [Release Notes for MBAM 2.5](release-notes-for-mbam-25.md)
- [About MBAM 2.5 SP1](about-mbam-25-sp1.md)
- [Release Notes for MBAM 2.5 SP1](release-notes-for-mbam-25-sp1.md)
- [Evaluating MBAM 2.5 in a Test Environment](evaluating-mbam-25-in-a-test-environment.md)
- [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md)
- [Accessibility for MBAM 2.5](accessibility-for-mbam-25.md)
- <a href="" id="planning-for-mbam-2-5"></a>[Planning for MBAM 2.5](planning-for-mbam-25.md)
- [Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md)
- [MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md)
- [Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md)
- [Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md)
- [Planning How to Secure the MBAM Websites](planning-how-to-secure-the-mbam-websites.md)
- [Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md)
- [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md)
- [Planning for MBAM 2.5 High Availability](planning-for-mbam-25-high-availability.md)
- [MBAM 2.5 Security Considerations](mbam-25-security-considerations.md)
- [MBAM 2.5 Planning Checklist](mbam-25-planning-checklist.md)
- <a href="" id="deploying-mbam-2-5"></a>[Deploying MBAM 2.5](deploying-mbam-25.md)
- [Deploying the MBAM 2.5 Server Infrastructure](deploying-the-mbam-25-server-infrastructure.md)
- [Deploying MBAM 2.5 Group Policy Objects](deploying-mbam-25-group-policy-objects.md)
- [Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md)
- [MBAM 2.5 Deployment Checklist](mbam-25-deployment-checklist.md)
- [Upgrading to MBAM 2.5 or MBAM 2.5 SP1 from Previous Versions](upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md)
- [Removing MBAM Server Features or Software](removing-mbam-server-features-or-software.md)
- <a href="" id="operations-for-mbam-2-5"></a>[Operations for MBAM 2.5](operations-for-mbam-25.md)
- [Administering MBAM 2.5 Features](administering-mbam-25-features.md)
- [Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md)
- [Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md)
- [Maintaining MBAM 2.5](maintaining-mbam-25.md)
- [Using Windows PowerShell to Administer MBAM 2.5](using-windows-powershell-to-administer-mbam-25.md)
- <a href="" id="troubleshooting-mbam-2-5"></a>[Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md)
- <a href="" id="technical-reference-for-mbam-2-5"></a>[Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md)
- [Client Event Logs](client-event-logs.md)
- [Server Event Logs](server-event-logs.md)
<a href="" id="planning-for-mbam-2-5"></a>[Planning for MBAM 2.5](planning-for-mbam-25.md) ## More Information
[Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md)**|**[MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md)**|**[Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md)**|**[Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md)**|**[Planning How to Secure the MBAM Websites](planning-how-to-secure-the-mbam-websites.md)**|**[Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md)**|**[MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md)**|**[Planning for MBAM 2.5 High Availability](planning-for-mbam-25-high-availability.md)**|**[MBAM 2.5 Security Considerations](mbam-25-security-considerations.md)**|**[MBAM 2.5 Planning Checklist](mbam-25-planning-checklist.md) - [MDOP Information Experience](index.md)
<a href="" id="deploying-mbam-2-5"></a>[Deploying MBAM 2.5](deploying-mbam-25.md)
[Deploying the MBAM 2.5 Server Infrastructure](deploying-the-mbam-25-server-infrastructure.md)**|**[Deploying MBAM 2.5 Group Policy Objects](deploying-mbam-25-group-policy-objects.md)**|**[Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md)**|**[MBAM 2.5 Deployment Checklist](mbam-25-deployment-checklist.md)**|**[Upgrading to MBAM 2.5 or MBAM 2.5 SP1 from Previous Versions](upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md)**|**[Removing MBAM Server Features or Software](removing-mbam-server-features-or-software.md)
<a href="" id="operations-for-mbam-2-5"></a>[Operations for MBAM 2.5](operations-for-mbam-25.md)
[Administering MBAM 2.5 Features](administering-mbam-25-features.md)**|**[Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md)**|**[Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md)**|**[Maintaining MBAM 2.5](maintaining-mbam-25.md)**|**[Using Windows PowerShell to Administer MBAM 2.5](using-windows-powershell-to-administer-mbam-25.md)
<a href="" id="troubleshooting-mbam-2-5"></a>[Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md)
<a href="" id="technical-reference-for-mbam-2-5"></a>[Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md)
[Client Event Logs](client-event-logs.md)**|**[Server Event Logs](server-event-logs.md)
### More Information
- [Release Notes for MBAM 2.5](release-notes-for-mbam-25.md)
View updated product information and known issues for MBAM 2.5.
- [MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286)
Learn about the latest MDOP information and resources.
- [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
- [MBAM Deployment Guide](https://www.microsoft.com/download/details.aspx?id=38398)
Get help in choosing a deployment method for MBAM, including step-by-step instructions for each method.
- [Apply Hotfixes on MBAM 2.5 SP1 Server](apply-hotfix-for-mbam-25-sp1.md)
Guide of how to apply MBAM 2.5 SP1 Server hotfixes
## Got a suggestion for MBAM?
- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring).
- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
 
 
Find documentation, videos, and other resources for MDOP technologies.
- [MBAM Deployment Guide](https://www.microsoft.com/download/details.aspx?id=38398)
Get help in choosing a deployment method for MBAM, including step-by-step instructions for each method.
- [Apply Hotfixes on MBAM 2.5 SP1 Server](apply-hotfix-for-mbam-25-sp1.md)
Guide of how to apply MBAM 2.5 SP1 Server hotfixes
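Review bot: the two new relative links, `[How Do I Get MDOP](index.md#how-to-get-mdop)` and `[MDOP Information Experience](index.md)`, resolve against this file's own folder; if this page is that folder's index.md, they point back at the page itself rather than at the MDOP landing page, so check the relative path. The new side of the More Information list no longer carries the feedback address or the "Got a suggestion for MBAM?" section with the MBAM TechNet Forum link, which leaves no support pointer on the page. The retained line "Guide of how to apply MBAM 2.5 SP1 Server hotfixes" should read as a sentence with a closing period.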

View File

@ -72,17 +72,17 @@ Image pre-staging is useful only for the initial image download. It is not suppo
**NT AUTHORITY\\Authenticated Users:(OI)(CI)(special access:)** **NT AUTHORITY\\Authenticated Users:(OI)(CI)(special access:)**
**                                READ\_CONTROL** **READ\_CONTROL**
**                                                                                SYNCHRONIZE** **SYNCHRONIZE**
**                                                                                FILE\_GENERIC\_READ** **FILE\_GENERIC\_READ**
**                                                                                                FILE\_READ\_DATA** **FILE\_READ\_DATA**
**                                                                                FILE\_READ\_EA** **FILE\_READ\_EA**
**                                                                                FILE\_READ\_ATTRIBUTES** **FILE\_READ\_ATTRIBUTES**
**NT AUTHORITY\\SYSTEM:(OI)(CI)F** **NT AUTHORITY\\SYSTEM:(OI)(CI)F**
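Review bot: stripping the leading non-breaking spaces from the READ\_CONTROL through FILE\_READ\_ATTRIBUTES lines flattens the listing, so the rights no longer read as belonging to the "Authenticated Users:(OI)(CI)(special access:)" entry, and FILE\_READ\_DATA loses the deeper indent the old side gave it. Since this is command output describing an ACL, put the whole listing in a fenced code block with its original indentation instead of separate bold lines; that keeps the grouping and removes the need for the backslash escapes.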

View File

@ -1,7 +1,7 @@
--- ---
title: Microsoft Enterprise Desktop Virtualization Planning, Deployment, and Operations Guide title: Microsoft Enterprise Desktop Virtualization Planning, Deployment, and Operations Guide
description: Microsoft Enterprise Desktop Virtualization Planning, Deployment, and Operations Guide description: Microsoft Enterprise Desktop Virtualization Planning, Deployment, and Operations Guide
author: jamiejdt author: dansimp
ms.assetid: 7bc3e120-df77-4f4c-bc8e-7aaa4c2a6525 ms.assetid: 7bc3e120-df77-4f4c-bc8e-7aaa4c2a6525
ms.pagetype: mdop, virtualization ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy ms.mktglfcycl: deploy

View File

@ -1,7 +1,7 @@
--- ---
title: Microsoft Enterprise Desktop Virtualization 2.0 title: Microsoft Enterprise Desktop Virtualization 2.0
description: Microsoft Enterprise Desktop Virtualization 2.0 description: Microsoft Enterprise Desktop Virtualization 2.0
author: jamiejdt author: dansimp
ms.assetid: 84109be0-4613-42e9-85fc-fcda8de6e4c4 ms.assetid: 84109be0-4613-42e9-85fc-fcda8de6e4c4
ms.pagetype: mdop, virtualization ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy ms.mktglfcycl: deploy

View File

@ -1,7 +1,7 @@
--- ---
title: MDOP Solutions and Scenarios title: MDOP Solutions and Scenarios
description: MDOP Solutions and Scenarios description: MDOP Solutions and Scenarios
author: jamiejdt author: dansimp
ms.assetid: 1cb18bef-fbae-4e96-a4f1-90cf111c3b5f ms.assetid: 1cb18bef-fbae-4e96-a4f1-90cf111c3b5f
ms.pagetype: mdop ms.pagetype: mdop
ms.mktglfcycl: deploy ms.mktglfcycl: deploy

View File

@ -1,7 +1,7 @@
--- ---
title: Microsoft User Experience Virtualization (UE-V) 1.0 title: Microsoft User Experience Virtualization (UE-V) 1.0
description: Microsoft User Experience Virtualization (UE-V) 1.0 description: Microsoft User Experience Virtualization (UE-V) 1.0
author: jamiejdt author: dansimp
ms.assetid: 7c2b59f6-bbe9-4373-8b08-c1738665a37b ms.assetid: 7c2b59f6-bbe9-4373-8b08-c1738665a37b
ms.pagetype: mdop, virtualization ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy ms.mktglfcycl: deploy

View File

@ -193,7 +193,7 @@ Youll need to deploy a settings storage location, a standard network share wh
**Security Note:  ** **Security Note:**
If you create the settings storage share on a computer running a Windows Server operating system, configure UE-V to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable this additional security, specify this setting in the Windows Server Registry Editor: If you create the settings storage share on a computer running a Windows Server operating system, configure UE-V to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable this additional security, specify this setting in the Windows Server Registry Editor:

View File

@ -1,7 +1,7 @@
--- ---
title: Microsoft User Experience Virtualization (UE-V) 2.x title: Microsoft User Experience Virtualization (UE-V) 2.x
description: Microsoft User Experience Virtualization (UE-V) 2.x description: Microsoft User Experience Virtualization (UE-V) 2.x
author: jamiejdt author: dansimp
ms.assetid: b860fed0-b846-415d-bdd6-ba60231a64be ms.assetid: b860fed0-b846-415d-bdd6-ba60231a64be
ms.pagetype: mdop, virtualization ms.pagetype: mdop, virtualization
ms.mktglfcycl: deploy ms.mktglfcycl: deploy

View File

@ -162,10 +162,14 @@ Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneMusic_8wekyb3d8bbwe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneMusic_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneVideo_8wekyb3d8bbwe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneVideo_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.3DBuilder_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.HEVCVideoExtension_8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Messaging_8wekyb3d8bbwe]
``` ```
[Get-AppxPackage](https://docs.microsoft.com/powershell/module/appx/get-appxpackage) [Get-AppxPackage](https://docs.microsoft.com/powershell/module/appx/get-appxpackage)
[Get-AppxPackage -allusers](https://docs.microsoft.com/powershell/module/appx/get-appxpackage) [Get-AppxPackage -allusers](https://docs.microsoft.com/powershell/module/appx/get-appxpackage)
[Remove-AppxPackage](https://docs.microsoft.com/powershell/module/appx/remove-appxpackage) [Remove-AppxPackage](https://docs.microsoft.com/powershell/module/appx/remove-appxpackage)
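Review bot: the three added keys (Microsoft.3DBuilder, Microsoft.HEVCVideoExtension, Microsoft.Messaging) are appended after the Microsoft.ZuneVideo entry, which leaves the visible tail of the list out of alphabetical order if the block is kept sorted, and makes it easy to miss an entry that already exists further up. Insert them in sorted position and confirm none duplicates an earlier key in the .reg block.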

View File

@ -19,6 +19,9 @@ ms.date: 05/20/2019
- Windows 10 - Windows 10
- Windows 10 Mobile - Windows 10 Mobile
> [!NOTE]
> As of Windows Insider Build 18956, sideloading is enabled by default. Now, you can deploy a signed package onto a device without a special configuration.
"Line-of-Business" (LOB) apps are present in a wide range of businesses and organizations. Organizations value these apps because they solve problems unique to each business. "Line-of-Business" (LOB) apps are present in a wide range of businesses and organizations. Organizations value these apps because they solve problems unique to each business.
When you sideload an app, you deploy a signed app package to a device. You maintain the signing, hosting, and deployment of these apps. Sideloading was also available with Windows 8 and Windows 8.1 When you sideload an app, you deploy a signed app package to a device. You maintain the signing, hosting, and deployment of these apps. Sideloading was also available with Windows 8 and Windows 8.1
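Review bot: the added NOTE says sideloading is enabled by default as of Windows Insider Build 18956 and needs no "special configuration", but it does not say which parts of this article still apply on earlier builds or whether sideloading can be turned back off by policy. Add one sentence scoping the remaining steps to builds before 18956, and keep the signing requirement prominent, since a signed package is now the only condition the note mentions. The context line ending "Windows 8 and Windows 8.1" is also missing its period.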

View File

@ -17,7 +17,7 @@ ms.topic: troubleshooting
## Overview ## Overview
This is a general troubleshooting of 802.1X wireless and wired clients. With 802.1X and wireless troubleshooting, it's important to know how the flow of authentication works, and then figuring out where it's breaking. It involves a lot of third party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. Since we don't make access points or wwitches, it won't be an end-to-end Microsoft solution. This is a general troubleshooting of 802.1X wireless and wired clients. With 802.1X and wireless troubleshooting, it's important to know how the flow of authentication works, and then figuring out where it's breaking. It involves a lot of third party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. Since we don't make access points or switches, it won't be an end-to-end Microsoft solution.
## Scenarios ## Scenarios

View File

@ -156,22 +156,8 @@ Each of the previous nodes contains one or more of the following leaf nodes:
<tr class="odd"> <tr class="odd">
<td><p><strong>Policy</strong></p></td> <td><p><strong>Policy</strong></p></td>
<td><p>Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.</p> <td><p>Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.</p>
<p>Policy nodes are a Base64-encoded blob of the binary policy representation. The binary policy may be signed or unsigned.</p> <p>For nodes, other than CodeIntegrity, policy leaf data type is string. Supported operations are Get, Add, Delete, and Replace.</p>
<p>For CodeIntegrity/Policy, you can use the <a href="https://go.microsoft.com/fwlink/p/?LinkId=724364" data-raw-source="[certutil -encode](https://go.microsoft.com/fwlink/p/?LinkId=724364)">certutil -encode</a> command line tool to encode the data to base-64.</p> <p>For CodeIntegrity/Policy, data type is Base64. Supported operations are Get, Add, Delete, and Replace.</td>
<p>Here is a sample certutil invocation:</p>
```
certutil -encode WinSiPolicy.p7b WinSiPolicy.cer
```
<p>An alternative to using certutil would be to use the following PowerShell invocation:</p>
```
[Convert]::ToBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path <bin file>))
```
<p>If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you are using Base64 as the Data type when using Custom OMA-URI functionality to apply the Code Integrity policy.</p>
<p>Data type is string. Supported operations are Get, Add, Delete, and Replace.</p></td>
</tr> </tr>
<tr class="even"> <tr class="even">
<td><p><strong>EnforcementMode</strong></p></td> <td><p><strong>EnforcementMode</strong></p></td>
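Review bot: the new CodeIntegrity/Policy line opens a `<p>` but ends with `</td>` ("Supported operations are Get, Add, Delete, and Replace.</td>"), so the paragraph is never closed; add `</p>` before `</td>`. In the line above it, "For nodes, other than CodeIntegrity, policy leaf data type is string" reads better without the first comma. The removed sentence saying the binary policy may be signed or unsigned has no counterpart on the new side; keep it if it is still true.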
@ -186,6 +172,8 @@ certutil -encode WinSiPolicy.p7b WinSiPolicy.cer
</tbody> </tbody>
</table> </table>
> [!NOTE]
> To use Code Integrity Policy, you first need to convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet. Then a Base64-encoded blob of the binary policy representation should be created (for example, using the [certutil -encode](https://go.microsoft.com/fwlink/p/?LinkId=724364) command line tool) and added to the Applocker-CSP.
## <a href="" id="productname"></a>Find publisher and product name of apps ## <a href="" id="productname"></a>Find publisher and product name of apps
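Review bot: the added NOTE spells the provider "Applocker-CSP" while the table text above uses "AppLocker"; use one spelling. The note also names ConvertFrom-CIPolicy and certutil -encode without the sample invocations that the previous hunk removed, and it no longer tells Intune or hybrid Configuration Manager users to choose Base64 as the data type for a Custom OMA-URI; either keep one worked command in the note or link to where that guidance now lives.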

View File

@ -37,7 +37,7 @@ manager: dansimp
- LastErrorDescription - LastErrorDescription
- SyncStatusDescription - SyncStatusDescription
- SyncProgress - SyncProgress
- Sync - Sync
- PublishXML - PublishXML
- AppVDynamicPolicy - AppVDynamicPolicy

View File

@ -277,23 +277,23 @@ Supported operation is Get.
<a href="" id="devicestatus-deviceguard-virtualizationbasedsecurityhwreq"></a>**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq** <a href="" id="devicestatus-deviceguard-virtualizationbasedsecurityhwreq"></a>**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq**
Added in Windows, version 1709. Virtualization-based security hardware requirement status. The value is a 256 value bitmask. Added in Windows, version 1709. Virtualization-based security hardware requirement status. The value is a 256 value bitmask.
- 0x0: System meets hardware configuration requirements - 0x0: System meets hardware configuration requirements
- 0x1: SecureBoot required - 0x1: SecureBoot required
- 0x2: DMA Protection required - 0x2: DMA Protection required
- 0x4: HyperV not supported for Guest VM - 0x4: HyperV not supported for Guest VM
- 0x8: HyperV feature is not available - 0x8: HyperV feature is not available
Supported operation is Get. Supported operation is Get.
<a href="" id="devicestatus-deviceguard-virtualizationbasedsecuritystatus"></a>**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus** <a href="" id="devicestatus-deviceguard-virtualizationbasedsecuritystatus"></a>**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus**
Added in Windows, version 1709. Virtualization-based security status. Value is one of the following: Added in Windows, version 1709. Virtualization-based security status. Value is one of the following:
- 0 - Running - 0 - Running
- 1 - Reboot required - 1 - Reboot required
- 2 - 64 bit architecture required - 2 - 64 bit architecture required
- 3 - not licensed - 3 - not licensed
- 4 - not configured - 4 - not configured
- 5 - System doesn't meet hardware requirements - 5 - System doesn't meet hardware requirements
- 42 Other. Event logs in Microsoft-Windows-DeviceGuard have more details - 42 Other. Event logs in Microsoft-Windows-DeviceGuard have more details
Supported operation is Get. Supported operation is Get.
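Review bot: in the VirtualizationBasedSecurityStatus list the last entry reads "42 Other." while every other value uses the "N - description" form; since these lines are being touched anyway, change it to "42 - Other". In the VirtualizationBasedSecurityHwReq description, "The value is a 256 value bitmask" is unclear; say that the listed flags can be combined, so a reader does not compare the value for equality against a single flag.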
@ -301,11 +301,11 @@ Supported operation is Get.
<a href="" id="devicestatus-deviceguard-lsacfgcredguardstatus"></a>**DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus** <a href="" id="devicestatus-deviceguard-lsacfgcredguardstatus"></a>**DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus**
Added in Windows, version 1709. Local System Authority (LSA) credential guard status. Added in Windows, version 1709. Local System Authority (LSA) credential guard status.
- 0 - Running - 0 - Running
- 1 - Reboot required - 1 - Reboot required
- 2 - Not licensed for Credential Guard - 2 - Not licensed for Credential Guard
- 3 - Not configured - 3 - Not configured
- 4 - VBS not running - 4 - VBS not running
Supported operation is Get. Supported operation is Get.

View File

@ -19,20 +19,23 @@ This is a step-by-step guide to configuring ADMX-backed policies in MDM.
Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support was expanded to allow access of select Group Policy administrative templates (ADMX-backed policies) for Windows PCs via the [Policy configuration service provider (CSP)](policy-configuration-service-provider.md). Configuring ADMX-backed policies in Policy CSP is different from the typical way you configure a traditional MDM policy. Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support was expanded to allow access of select Group Policy administrative templates (ADMX-backed policies) for Windows PCs via the [Policy configuration service provider (CSP)](policy-configuration-service-provider.md). Configuring ADMX-backed policies in Policy CSP is different from the typical way you configure a traditional MDM policy.
Summary of steps to enable a policy: Summary of steps to enable a policy:
- Find the policy from the list ADMX-backed policies. - Find the policy from the list ADMX-backed policies.
- Find the Group Policy related information from the MDM policy description. - Find the Group Policy related information from the MDM policy description.
- Use the Group Policy Editor to determine whether there are parameters necessary to enable the policy. - Use the Group Policy Editor to determine whether there are parameters necessary to enable the policy.
- Create the data payload for the SyncML. - Create the data payload for the SyncML.
See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Ingesting-Office-ADMX-Backed-policies-using/ba-p/354824) for a walk-through using Intune. See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Ingesting-Office-ADMX-Backed-policies-using/ba-p/354824) and [Deploying ADMX-Backed policies using Microsoft Intune](https://blogs.technet.microsoft.com/senthilkumar/2018/05/21/intune-deploying-admx-backed-policies-using-microsoft-intune/) for a walk-through using Intune.
>[!TIP] >[!TIP]
>Intune has added a number of ADMX-backed administrative templates in public preview. Check if the policy settings you need are available in a template before using the SyncML method described below. [Learn more about Intune's administrative templates.](https://docs.microsoft.com/intune/administrative-templates-windows) >Intune has added a number of ADMX-backed administrative templates in public preview. Check if the policy settings you need are available in a template before using the SyncML method described below. [Learn more about Intune's administrative templates.](https://docs.microsoft.com/intune/administrative-templates-windows)
## Enable a policy ## Enable a policy
> [!NOTE]
> See [Understanding ADMX-backed policies](https://docs.microsoft.com/en-us/windows/client-management/mdm/understanding-admx-backed-policies).
1. Find the policy from the list [ADMX-backed policies](policy-configuration-service-provider.md#admx-backed-policies). You need the following information listed in the policy description. 1. Find the policy from the list [ADMX-backed policies](policy-configuration-service-provider.md#admx-backed-policies). You need the following information listed in the policy description.
- GP English name - GP English name
- GP name - GP name
- GP ADMX file name - GP ADMX file name
- GP path - GP path
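Review bot: the added NOTE links to `https://docs.microsoft.com/en-us/windows/client-management/mdm/understanding-admx-backed-policies` with a hard-coded locale, while the step right below it links a sibling topic relatively (`policy-configuration-service-provider.md#admx-backed-policies`); use a relative link if the topic lives in this folder, or at least drop `/en-us/`. In the summary list, "Find the policy from the list ADMX-backed policies" is missing "of", and the sentence that now cites two articles should say "walk-throughs".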

View File

@ -14,13 +14,13 @@ ms.topic:
# How Mobile Device Management Providers support eSIM Management on Windows # How Mobile Device Management Providers support eSIM Management on Windows
The eSIM Profile Management Solution puts the Mobile Device Management (MDM) Provider in the front and center. The whole idea is to leverage an already existing solution that customers are familiar with and that they use to manage devices. The expectations from an MDM are that it will leverage the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and be able to use Groups and Users the same way. This way, the eSIM profile download and installation happens on the background and not impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/de-assignment, etc.) the same way as they currently do device management. The eSIM Profile Management Solution puts the Mobile Device Management (MDM) Provider in the front and center. The whole idea is to leverage an already existing solution that customers are familiar with and that they use to manage devices. The expectations from an MDM are that it will leverage the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and be able to use Groups and Users the same way. This way, the eSIM profile download and installation happens on the background and not impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/de-assignment, etc.) the same way as they currently do device management.
If you are a Mobile Device Management (MDM) Provider and would like to support eSIM Management on Windows, you should do the following: If you are a Mobile Device Management (MDM) Provider and would like to support eSIM Management on Windows, you should do the following:
- Onboard to Azure Active Directory - Onboard to Azure Active Directory
- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, please contact them and learn more about their onboarding. If you would like to support multiple mobile operators, [orchestrator providers]( https://www.idemia.com/esim-management-facilitation) are there to act as a proxy that will handle MDM onboarding as well as mobile operator onboarding. Their main [role]( https://www.idemia.com/smart-connect-hub) is to enable the process to be as painless but scalable to all parties. - Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. 
As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, please contact them and learn more about their onboarding. If you would like to support multiple mobile operators, [orchestrator providers]( https://www.idemia.com/esim-management-facilitation) are there to act as a proxy that will handle MDM onboarding as well as mobile operator onboarding. Their main [role]( https://www.idemia.com/smart-connect-hub) is to enable the process to be as painless but scalable to all parties.
- Assess solution type that you would like to provide your customers - Assess solution type that you would like to provide your customers
- Batch/offline solution - Batch/offline solution
- IT Admin can manually import a flat file containing list of eSIM activation codes, and provision eSIM on LTE enabled devices. - IT Admin can manually import a flat file containing list of eSIM activation codes, and provision eSIM on LTE enabled devices.
- Operator does not have visibility over status of the eSIM profiles and device eSIM has been downloaded and installed to - Operator does not have visibility over status of the eSIM profiles and device eSIM has been downloaded and installed to
- Real-time solution - Real-time solution
- MDM automatically syncs with the Operator backend system for subscription pool and eSIM management, via sim vendor solution component. IT Admin can view subscription pool and provision eSIM in real time. - MDM automatically syncs with the Operator backend system for subscription pool and eSIM management, via sim vendor solution component. IT Admin can view subscription pool and provision eSIM in real time.
- Operator is notified of the status of each eSIM profile and has visibility on which devices are being used - Operator is notified of the status of each eSIM profile and has visibility on which devices are being used
**Note:** The solution type is not noticeable to the end-user. The choice between the two is made between the MDM and the Mobile Operator. **Note:** The solution type is not noticeable to the end-user. The choice between the two is made between the MDM and the Mobile Operator.
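
Review bot: The first bullet repeats its own opening. The sentences from "Contact mobile operators directly or contact orchestrator providers." through "according to the company policies." appear twice before "As an MDM provider" begins, so one copy should be deleted. In the same bullet, "Window OMA-DM" should read "Windows OMA-DM", and both idemia.com links have a space after the opening parenthesis (`]( https://`). The batch/offline sub-bullet "and device eSIM has been downloaded and installed to" does not parse as written and needs rewording.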

View File

@ -44,7 +44,7 @@ The MDM security baseline includes policies that cover the following areas:
For more details about the MDM policies defined in the MDM security baseline and what Microsofts recommended baseline policy values are, see: For more details about the MDM policies defined in the MDM security baseline and what Microsofts recommended baseline policy values are, see:
- [MDM Security baseline for Windows 10, version 1903](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1903-MDM-SecurityBaseLine-Document.zip) - [MDM Security baseline for Windows 10, version 1903](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1903-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 1809](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip) - [MDM Security baseline for Windows 10, version 1809](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip)
For information about the MDM policies defined in the Intune security baseline public preview, see [Windows security baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-windows) For information about the MDM policies defined in the Intune security baseline public preview, see [Windows security baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-windows)
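
Review bot: The 1809 link target contains literal square brackets (`1809-MDM-SecurityBaseLine-Document-[Preview].zip`) inside a Markdown link, which can end the link early in some renderers. Percent-encode them as `%5B` and `%5D`. In the surrounding context, "Microsofts" is missing its apostrophe and the closing sentence has no period.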

View File

@ -16,13 +16,13 @@ manager: dansimp
The NetworkQoSPolicy configuration service provider creates network Quality of Service (QoS) policies. A QoS policy performs a set of actions on network traffic based on a set of matching conditions. This CSP was added in Windows 10, version 1703. The NetworkQoSPolicy configuration service provider creates network Quality of Service (QoS) policies. A QoS policy performs a set of actions on network traffic based on a set of matching conditions. This CSP was added in Windows 10, version 1703.
The following conditions are supported: The following conditions are supported:
- Network traffic from a specific application name - Network traffic from a specific application name
- Network traffic from specific source or destination ports - Network traffic from specific source or destination ports
- Network traffic from a specific IP protocol (TCP, UDP, or both) - Network traffic from a specific IP protocol (TCP, UDP, or both)
The following actions are supported: The following actions are supported:
- Layer 2 tagging using a IEEE 802.1p priority value - Layer 2 tagging using a IEEE 802.1p priority value
- Layer 3 tagging using a differentiated services code point (DSCP) value - Layer 3 tagging using a differentiated services code point (DSCP) value
> [!NOTE] > [!NOTE]
> The NetworkQoSPolicy configuration service provider is supported only in Microsoft Surface Hub. > The NetworkQoSPolicy configuration service provider is supported only in Microsoft Surface Hub.
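
Review bot: In the actions list, "a IEEE 802.1p priority value" should read "an IEEE 802.1p priority value". It is worth fixing while these list lines are being re-indented.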

View File

@ -537,7 +537,7 @@ Added in Windows 10, version 1607. Boolean value that disables the launch of al
<!--/Description--> <!--/Description-->
<!--ADMXMapped--> <!--ADMXMapped-->
ADMX Info: ADMX Info:
- GP English name: *Disable all apps from Microsoft Store * - GP English name: *Disable all apps from Microsoft Store*
- GP name: *DisableStoreApps* - GP name: *DisableStoreApps*
- GP path: *Windows Components/Store* - GP path: *Windows Components/Store*
- GP ADMX file name: *WindowsStore.admx* - GP ADMX file name: *WindowsStore.admx*

View File

@ -629,9 +629,9 @@ ADMX Info:
<!--SupportedValues--> <!--SupportedValues-->
Supported values: Supported values:
- Blank (default) - Do not send tracking information but let users choose to send tracking information to sites they visit. - Blank (default) - Do not send tracking information but let users choose to send tracking information to sites they visit.
- 0 - Never send tracking information. - 0 - Never send tracking information.
- 1 - Send tracking information. - 1 - Send tracking information.
Most restricted value: 1 Most restricted value: 1
<!--/SupportedValues--> <!--/SupportedValues-->
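
Review bot: `Most restricted value: 1` contradicts the list as worded, because 1 is described as "Send tracking information" while 0 is "Never send tracking information". If the setting controls sending a Do Not Track request rather than tracking data, say so in each value's description, so that an admin choosing the most restrictive option from this list does not pick the opposite of what they intend.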

View File

@ -387,12 +387,12 @@ Specifies whether device lock is enabled.
> [!Important] > [!Important]
> **DevicePasswordEnabled** should not be set to Enabled (0) when WMI is used to set the EAS DeviceLock policies given that it is Enabled by default in Policy CSP for back compat with Windows 8.x. If **DevicePasswordEnabled** is set to Enabled(0) then Policy CSP will return an error stating that **DevicePasswordEnabled** already exists. Windows 8.x did not support DevicePassword policy. When disabling **DevicePasswordEnabled** (1) then this should be the only policy set from the DeviceLock group of policies listed below: > **DevicePasswordEnabled** should not be set to Enabled (0) when WMI is used to set the EAS DeviceLock policies given that it is Enabled by default in Policy CSP for back compat with Windows 8.x. If **DevicePasswordEnabled** is set to Enabled(0) then Policy CSP will return an error stating that **DevicePasswordEnabled** already exists. Windows 8.x did not support DevicePassword policy. When disabling **DevicePasswordEnabled** (1) then this should be the only policy set from the DeviceLock group of policies listed below:
> - **DevicePasswordEnabled** is the parent policy of the following: > - **DevicePasswordEnabled** is the parent policy of the following:
> - AllowSimpleDevicePassword > - AllowSimpleDevicePassword
> - MinDevicePasswordLength > - MinDevicePasswordLength
> - AlphanumericDevicePasswordRequired > - AlphanumericDevicePasswordRequired
> - MinDevicePasswordComplexCharacters  > - MinDevicePasswordComplexCharacters 
> - DevicePasswordExpiration > - DevicePasswordExpiration
> - DevicePasswordHistory > - DevicePasswordHistory
> - MaxDevicePasswordFailedAttempts > - MaxDevicePasswordFailedAttempts
> - MaxInactivityTimeDeviceLock > - MaxInactivityTimeDeviceLock
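
Review bot: The value semantics in the Important block are easy to misread. "Enabled (0)" and "disabling ... (1)" invert the usual convention, and the second mention is written `Enabled(0)` without the space. State once, explicitly, that 0 means enabled and 1 means disabled, and use one spelling throughout. The `MinDevicePasswordComplexCharacters` line also still carries a trailing non-breaking space that this indentation pass left in place.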

View File

@ -13428,7 +13428,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
- GP English name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer * - GP English name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer*
- GP name: *VerMgmtDisableRunThisTime* - GP name: *VerMgmtDisableRunThisTime*
- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
- GP ADMX file name: *inetres.admx* - GP ADMX file name: *inetres.admx*
@ -16504,7 +16504,7 @@ Also, see the "Security zones: Do not allow users to change policies" policy.
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
- GP English name: *Security Zones: Use only machine settings * - GP English name: *Security Zones: Use only machine settings*
- GP name: *Security_HKLM_only* - GP name: *Security_HKLM_only*
- GP path: *Windows Components/Internet Explorer* - GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx* - GP ADMX file name: *inetres.admx*

View File

@ -365,7 +365,7 @@ If you disable or do not configure this policy setting, the WinRM service will n
The service listens on the addresses specified by the IPv4 and IPv6 filters. The IPv4 filter specifies one or more ranges of IPv4 addresses, and the IPv6 filter specifies one or more ranges of IPv6addresses. If specified, the service enumerates the available IP addresses on the computer and uses only addresses that fall within one of the filter ranges. The service listens on the addresses specified by the IPv4 and IPv6 filters. The IPv4 filter specifies one or more ranges of IPv4 addresses, and the IPv6 filter specifies one or more ranges of IPv6addresses. If specified, the service enumerates the available IP addresses on the computer and uses only addresses that fall within one of the filter ranges.
You should use an asterisk (*) to indicate that the service listens on all available IP addresses on the computer. When * is used, other ranges in the filter are ignored. If the filter is left blank, the service does not listen on any addresses. You should use an asterisk (\*) to indicate that the service listens on all available IP addresses on the computer. When \* is used, other ranges in the filter are ignored. If the filter is left blank, the service does not listen on any addresses.
For example, if you want the service to listen only on IPv4 addresses, leave the IPv6 filter empty. For example, if you want the service to listen only on IPv4 addresses, leave the IPv6 filter empty.
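
Review bot: The unchanged line above the edit still reads `IPv6addresses`. Add the missing space while this paragraph is being touched. For the asterisk, an inline code span would show the literal character an admin has to type more clearly than `\*`. Since the text says a `*` causes the other ranges in the filter to be ignored, it is worth making that value stand out.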

View File

@ -806,11 +806,11 @@ If the policy is not specified, the behavior will be that no pages are affected.
The format of the PageVisibilityList value is as follows: The format of the PageVisibilityList value is as follows:
- The value is a unicode string up to 10,000 characters long, which will be used without case sensitivity. - The value is a unicode string up to 10,000 characters long, which will be used without case sensitivity.
- There are two variants: one that shows only the given pages and one which hides the given pages. - There are two variants: one that shows only the given pages and one which hides the given pages.
- The first variant starts with the string "showonly:" and the second with the string "hide:". - The first variant starts with the string "showonly:" and the second with the string "hide:".
- Following the variant identifier is a semicolon-delimited list of page identifiers, which must not have any extra whitespace. - Following the variant identifier is a semicolon-delimited list of page identifiers, which must not have any extra whitespace.
- Each page identifier is the ms-settings:xyz URI for the page, minus the ms-settings: prefix, so the identifier for the page with URI "ms-settings:network-wifi" would be just "network-wifi". - Each page identifier is the ms-settings:xyz URI for the page, minus the ms-settings: prefix, so the identifier for the page with URI "ms-settings:network-wifi" would be just "network-wifi".
The default value for this setting is an empty string, which is interpreted as show everything. The default value for this setting is an empty string, which is interpreted as show everything.
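
Review bot: The format list never shows one complete value, so a reader has to assemble it from the pieces and guess at the exact punctuation. Add an example after the last bullet, for instance `hide:network-wifi`, which uses only the prefix and identifier already given here. Also capitalize "Unicode".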

View File

@ -1068,7 +1068,7 @@ If you disable or don't configure this policy setting, the Delete diagnostic dat
<!--/Description--> <!--/Description-->
<!--ADMXMapped--> <!--ADMXMapped-->
ADMX Info: ADMX Info:
- GP English name: *Disable deleting diagnostic data * - GP English name: *Disable deleting diagnostic data*
- GP name: *DisableDeviceDelete* - GP name: *DisableDeviceDelete*
- GP element: *DisableDeviceDelete* - GP element: *DisableDeviceDelete*
- GP path: *Data Collection and Preview Builds* - GP path: *Data Collection and Preview Builds*
@ -1131,7 +1131,7 @@ If you disable or don't configure this policy setting, the Diagnostic Data Viewe
<!--/Description--> <!--/Description-->
<!--ADMXMapped--> <!--ADMXMapped-->
ADMX Info: ADMX Info:
- GP English name: *Disable diagnostic data viewer. * - GP English name: *Disable diagnostic data viewer.*
- GP name: *DisableDiagnosticDataViewer* - GP name: *DisableDiagnosticDataViewer*
- GP element: *DisableDiagnosticDataViewer* - GP element: *DisableDiagnosticDataViewer*
- GP path: *Data Collection and Preview Builds* - GP path: *Data Collection and Preview Builds*

View File

@ -1053,7 +1053,7 @@ Supported values:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from. Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from. As of 1903, the branch readiness levels of Semi-Annual Channel (Targeted) and Semi-Annual Channel have been combined into one Semi-Annual Channel set with a value of 16. For devices on 1903 and later releases, the value of 32 is not a supported value.
<!--/Description--> <!--/Description-->
<!--ADMXMapped--> <!--ADMXMapped-->
@ -1072,7 +1072,7 @@ The following list shows the supported values:
- 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709) - 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709)
- 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709) - 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709)
- 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted). - 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted).
- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. - 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. (*Only applicable to releases prior to 1903)
<!--/SupportedValues--> <!--/SupportedValues-->
<!--/Policy--> <!--/Policy-->
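
Review bot: The `16 {0x10}` entry still says "Semi-annual Channel (Targeted)". That contradicts the new description, which states that as of 1903 the two levels are combined into one Semi-Annual Channel with a value of 16. Update that entry in the same change. In the `32 {0x20}` entry, `(*Only applicable to releases prior to 1903)` has an unmatched asterisk that may render as stray markup, so remove it or close the emphasis. The spelling also alternates between "Semi-Annual" and "Semi-annual".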

View File

@ -23,8 +23,8 @@ In addition to standard policies, the Policy CSP can now also handle ADMX-backed
ADMX files can either describe operating system (OS) Group Policies that are shipped with Windows or they can describe settings of applications, which are separate from the OS and can usually be downloaded and installed on a PC. ADMX files can either describe operating system (OS) Group Policies that are shipped with Windows or they can describe settings of applications, which are separate from the OS and can usually be downloaded and installed on a PC.
Depending on the specific category of the settings that they control (OS or application), the administrative template settings are found in the following two locations in the Local Group Policy Editor: Depending on the specific category of the settings that they control (OS or application), the administrative template settings are found in the following two locations in the Local Group Policy Editor:
- OS settings: Computer Configuration/Administrative Templates - OS settings: Computer Configuration/Administrative Templates
- Application settings: User Configuration/Administrative Templates - Application settings: User Configuration/Administrative Templates
In a domain controller/Group Policy ecosystem, Group Policies are automatically added to the registry of the client computer or user profile by the Administrative Templates Client Side Extension (CSE) whenever the client computer processes a Group Policy. Conversely, in an MDM-managed client, ADMX files are leveraged to define policies independent of Group Policies. Therefore, in an MDM-managed client, a Group Policy infrastructure, including the Group Policy Service (gpsvc.exe), is not required. In a domain controller/Group Policy ecosystem, Group Policies are automatically added to the registry of the client computer or user profile by the Administrative Templates Client Side Extension (CSE) whenever the client computer processes a Group Policy. Conversely, in an MDM-managed client, ADMX files are leveraged to define policies independent of Group Policies. Therefore, in an MDM-managed client, a Group Policy infrastructure, including the Group Policy Service (gpsvc.exe), is not required.
@ -42,17 +42,17 @@ To capture the end-to-end MDM handling of ADMX Group Policies, an IT administrat
The ADMX file that the MDM ISV uses to determine what UI to display to the IT administrator is the same ADMX file that the client uses for the policy definition. The ADMX file is processed either by the OS at build time or set by the client at OS runtime. In either case, the client and the MDM ISV must be synchronized with the ADMX policy definitions. Each ADMX file corresponds to a Group Policy category and typically contains several policy definitions, each of which represents a single Group Policy. For example, the policy definition for the “Publishing Server 2 Settings” is contained in the appv.admx file, which holds the policy definitions for the Microsoft Application Virtualization (App-V) Group Policy category. The ADMX file that the MDM ISV uses to determine what UI to display to the IT administrator is the same ADMX file that the client uses for the policy definition. The ADMX file is processed either by the OS at build time or set by the client at OS runtime. In either case, the client and the MDM ISV must be synchronized with the ADMX policy definitions. Each ADMX file corresponds to a Group Policy category and typically contains several policy definitions, each of which represents a single Group Policy. For example, the policy definition for the “Publishing Server 2 Settings” is contained in the appv.admx file, which holds the policy definitions for the Microsoft Application Virtualization (App-V) Group Policy category.
Group Policy option button setting: Group Policy option button setting:
- If **Enabled** is selected, the necessary data entry controls are displayed for the user in the UI. When IT administrator enters the data and clicks **Apply**, the following events occur: - If **Enabled** is selected, the necessary data entry controls are displayed for the user in the UI. When IT administrator enters the data and clicks **Apply**, the following events occur:
- The MDM ISV server sets up a Replace SyncML command with a payload that contains the user-entered data. - The MDM ISV server sets up a Replace SyncML command with a payload that contains the user-entered data.
- The MDM client stack receives this data, which causes the Policy CSP to update the devices registry per the ADMX-backed policy definition. - The MDM client stack receives this data, which causes the Policy CSP to update the devices registry per the ADMX-backed policy definition.
- If **Disabled** is selected and you click **Apply**, the following events occur: - If **Disabled** is selected and you click **Apply**, the following events occur:
- The MDM ISV server sets up a Replace SyncML command with a payload set to `<disabled\>`. - The MDM ISV server sets up a Replace SyncML command with a payload set to `<disabled\>`.
- The MDM client stack receives this command, which causes the Policy CSP to either delete the devices registry settings, set the registry keys, or both, per the state change directed by the ADMX-backed policy definition. - The MDM client stack receives this command, which causes the Policy CSP to either delete the devices registry settings, set the registry keys, or both, per the state change directed by the ADMX-backed policy definition.
- If **Not Configured** is selected and you click **Apply**, the following events occur: - If **Not Configured** is selected and you click **Apply**, the following events occur:
- MDM ISV server sets up a Delete SyncML command. - MDM ISV server sets up a Delete SyncML command.
- The MDM client stack receives this command, which causes the Policy CSP to delete the devices registry settings per the ADMX-backed policy definition. - The MDM client stack receives this command, which causes the Policy CSP to delete the devices registry settings per the ADMX-backed policy definition.
The following diagram shows the main display for the Group Policy Editor. The following diagram shows the main display for the Group Policy Editor.
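
Review bot: In the **Disabled** branch, `<disabled\>` sits inside a code span, where the backslash is rendered literally, so readers will see the payload with a backslash in it. If the payload is the empty element, write it as `<disabled/>`. In the unchanged text, "the devices registry" appears three times where "the device's registry" is meant, and the first **Not Configured** sub-bullet drops the leading "The" that its siblings have.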

View File

@ -196,7 +196,7 @@ Values:
**CheckApplicability** **CheckApplicability**
``` syntax ```xml
<SyncML xmlns="SYNCML:SYNCML1.2"> <SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody> <SyncBody>
<Exec> <Exec>
@ -223,7 +223,7 @@ Values:
**Edition** **Edition**
``` syntax ```xml
<SyncML xmlns="SYNCML:SYNCML1.2"> <SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody> <SyncBody>
<Get> <Get>
@ -241,7 +241,7 @@ Values:
**LicenseKeyType** **LicenseKeyType**
``` syntax ```xml
<SyncML xmlns="SYNCML:SYNCML1.2"> <SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody> <SyncBody>
<Get> <Get>
@ -259,7 +259,7 @@ Values:
**Status** **Status**
``` syntax ```xml
<SyncML xmlns="SYNCML:SYNCML1.2"> <SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody> <SyncBody>
<Get> <Get>
@ -277,7 +277,7 @@ Values:
**UpgradeEditionWithProductKey** **UpgradeEditionWithProductKey**
``` syntax ```xml
<SyncML xmlns="SYNCML:SYNCML1.2"> <SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody> <SyncBody>
<Exec> <Exec>
@ -304,7 +304,7 @@ Values:
**UpgradeEditionWithLicense** **UpgradeEditionWithLicense**
``` syntax ```xml
<SyncML xmlns="SYNCML:SYNCML1.2"> <SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody> <SyncBody>
<Exec> <Exec>

View File

@ -39,7 +39,7 @@ Supported operations are Get and Replace.
Enable logging of audit events. Enable logging of audit events.
``` syntax ```xml
<SyncML xmlns="SYNCML:SYNCML1.2"> <SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody> <SyncBody>
<Replace> <Replace>

View File

@ -171,7 +171,7 @@ Run the following command to verify the Windows update installation and dates:
Dism /Image:<Specify the OS drive>: /Get-packages Dism /Image:<Specify the OS drive>: /Get-packages
``` ```
After you run this command, you will see the **Install pending** and **Uninstall Pending ** packages: After you run this command, you will see the **Install pending** and **Uninstall Pending** packages:
![Dism output](images/pendingupdate.png) ![Dism output](images/pendingupdate.png)
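
Review bot: **Install pending** and **Uninstall Pending** are capitalized differently in the same sentence. Use the casing that the Dism output shows for both.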

View File

@ -107,8 +107,8 @@ You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that
More information on how to use Dumpchk.exe to check your dump files: More information on how to use Dumpchk.exe to check your dump files:
- [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk) - [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk)
- [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk) - [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk)
### Pagefile Settings ### Pagefile Settings
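
Review bot: The first link keeps a space after the opening parenthesis (`]( https://`), unlike the link below it. Remove it so both targets are written the same way. The second link text says "DumpCheck" while the rest of the section uses "DumpChk" and "Dumpchk.exe", so pick one name for the tool.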

View File

@ -145,8 +145,8 @@ If the computer is no longer frozen and now is running in a good state, use the
Use the Dump Check Utility (Dumpchk.exe) to read a memory dump file or verify that the file was created correctly. You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that the memory dump files are not corrupted or invalid. Use the Dump Check Utility (Dumpchk.exe) to read a memory dump file or verify that the file was created correctly. You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that the memory dump files are not corrupted or invalid.
- [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk) - [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk)
- [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk) - [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk)
Learn how to use Dumpchk.exe to check your dump files: Learn how to use Dumpchk.exe to check your dump files:

View File

@ -27,11 +27,11 @@ Employees increasingly depend on smartphones to complete daily work tasks, but t
Windows 10 supports end-to-end device lifecycle management to give companies control over their devices, data, and apps. Devices can easily be incorporated into standard lifecycle practices, from device enrollment, configuration, and application management to maintenance, monitoring, and retirement using a comprehensive mobile device management solution. Windows 10 supports end-to-end device lifecycle management to give companies control over their devices, data, and apps. Devices can easily be incorporated into standard lifecycle practices, from device enrollment, configuration, and application management to maintenance, monitoring, and retirement using a comprehensive mobile device management solution.
**In this article** **In this article**
- [Deploy](#deploy) - [Deploy](#deploy)
- [Configure](#configure) - [Configure](#configure)
- [Apps](#apps) - [Apps](#apps)
- [Manage](#manage) - [Manage](#manage)
- [Retire](#retire) - [Retire](#retire)
## Deploy ## Deploy
@ -365,18 +365,18 @@ You can define and deploy APN profiles in MDM systems that configure cellular da
- **APN name** The APN name - **APN name** The APN name
- *IP connection type* The IP connection type; set to one of the following values: - *IP connection type* The IP connection type; set to one of the following values:
- IPv4 only - IPv4 only
- IPv6 only - IPv6 only
- IPv4 and IPv6 concurrently - IPv4 and IPv6 concurrently
- IPv6 with IPv4 provided by 46xlat - IPv6 with IPv4 provided by 46xlat
- **LTE attached** Whether the APN should be attached as part of an LTE Attach - **LTE attached** Whether the APN should be attached as part of an LTE Attach
- **APN class ID** The globally unique identifier that defines the APN class to the modem - **APN class ID** The globally unique identifier that defines the APN class to the modem
- **APN authentication type** The APN authentication type; set to one of the following values: - **APN authentication type** The APN authentication type; set to one of the following values:
- None - None
- Auto - Auto
- PAP - PAP
- CHAP - CHAP
- MSCHAPv2 - MSCHAPv2
- **User name** The user account when users select Password Authentication Protocol (PAP), CHAP, or MSCHAPv2 authentication in APN authentication type - **User name** The user account when users select Password Authentication Protocol (PAP), CHAP, or MSCHAPv2 authentication in APN authentication type
- **Password** The password for the user account specified in User name - **Password** The password for the user account specified in User name
- **Integrated circuit card ID** The integrated circuit card ID associated with the cellular connection profile - **Integrated circuit card ID** The integrated circuit card ID associated with the cellular connection profile
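
Review bot: `*IP connection type*` is the only label in this list written with single asterisks, so it renders in italics while every other label is bold. Change it to `**IP connection type**` in the same pass that fixes the indentation of its values.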

View File

@ -176,7 +176,7 @@ If the Start layout is applied by Group Policy or MDM, and the policy is removed
2. [Export the Start layout](#export-the-start-layout). 2. [Export the Start layout](#export-the-start-layout).
3. Open the layout .xml file. There is a `<DefaultLayoutOverride>` element. Add `LayoutCustomizationRestrictionType="OnlySpecifiedGroups"` to the **DefaultLayoutOverride** element as follows: 3. Open the layout .xml file. There is a `<DefaultLayoutOverride>` element. Add `LayoutCustomizationRestrictionType="OnlySpecifiedGroups"` to the **DefaultLayoutOverride** element as follows:
``` syntax ```xml
<DefaultLayoutOverride LayoutCustomizationRestrictionType="OnlySpecifiedGroups"> <DefaultLayoutOverride LayoutCustomizationRestrictionType="OnlySpecifiedGroups">
``` ```

View File

@ -68,7 +68,7 @@ In Windows 10, version 1803 and later, you can install the **Kiosk Browser** app
Kiosk Browser settings | Use this setting to Kiosk Browser settings | Use this setting to
--- | --- --- | ---
Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards. <br><br>For example, if you want people to be limited to `contoso.com` only, you would add `contoso.com` to blocked URL exception list and then block all other URLs. Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards. <br><br>For example, if you want people to be limited to `http://contoso.com` only, you would add `.contoso.com` to blocked URL exception list and then block all other URLs.
Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards. <br><br>If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list. Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards. <br><br>If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list.
Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL. Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL.
Enable End Session Button | Show a button in Kiosk Browser that people can use to reset the browser. End Session will clear all browsing data and navigate back to the default URL. Enable End Session Button | Show a button in Kiosk Browser that people can use to reset the browser. End Session will clear all browsing data and navigate back to the default URL.
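
Review bot: The new Blocked URL Exceptions example no longer lines up with the Blocked URLs row. It limits people to `http://contoso.com`, but the block rule suggested in the next row is `https://*`, which as written does not cover `http://` addresses. The exception is also now `.contoso.com` with a leading dot, which the table never explains (the row only says wildcards are allowed). Use one scheme across both rows and state what the leading dot matches, because an exception entry that is broader or narrower than intended changes what a kiosk user can reach.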

View File

@ -26,7 +26,7 @@ ms.topic: article
## Full XML sample ## Full XML sample
>[!NOTE] >[!NOTE]
>Updated for Windows 10, version 1903, and Windows 10 Prerelease >Updated for Windows 10, version 1903, and Windows 10 Insider Preview (19H2, 20H1 builds).
```xml ```xml
<?xml version="1.0" encoding="utf-8" ?> <?xml version="1.0" encoding="utf-8" ?>
@ -255,7 +255,7 @@ This sample demonstrates that both UWP and Win32 apps can be configured to autom
``` ```
## [Preview] Global Profile Sample XML ## [Preview] Global Profile Sample XML
Global Profile is currently supported in Windows 10 Prerelease. Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lock down mode, or used as mitigation when a profile cannot be determined for an user. Global Profile is currently supported in Windows 10 Insider Preview (19H2, 20H1 builds). Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lock down mode, or used as mitigation when a profile cannot be determined for an user.
This sample demonstrates that only a global profile is used, no active user configured. Global profile will be applied when every non-admin account logs in This sample demonstrates that only a global profile is used, no active user configured. Global profile will be applied when every non-admin account logs in
```xml ```xml
@ -394,7 +394,7 @@ Below sample shows dedicated profile and global profile mixed usage, aauser woul
``` ```
## [Preview] Folder Access sample xml ## [Preview] Folder Access sample xml
In Windows 10 1809 release, folder access is locked down that when common file dialog is opened, IT Admin can specify if user has access to the Downloads folder, or no access to any folder at all. This restriction has be redesigned for finer granulatity and easier use, available in current Windows 10 Prerelease. In Windows 10, version 1809, folder access is locked down so that when common file dialog is opened, IT Admin can specify if the user has access to the Downloads folder, or no access to any folder at all. This restriction has been redesigned for finer granulatity and easier use, and is available in Windows 10 Insider Preview (19H2, 20H1 builds).
IT Admin now can specify user access to Downloads folder, Removable drives, or no restrictions at all. Note that Downloads and Removable Drives can be allowed at the same time. IT Admin now can specify user access to Downloads folder, Removable drives, or no restrictions at all. Note that Downloads and Removable Drives can be allowed at the same time.
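Review bot: The rewritten Folder Access sentence carries over the misspelling "granulatity"; it should read "finer granularity". The other wording changes on that line ("so that", "has been redesigned", the version naming) read correctly.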
@ -636,7 +636,7 @@ IT Admin now can specify user access to Downloads folder, Removable drives, or n
## XSD for AssignedAccess configuration XML ## XSD for AssignedAccess configuration XML
>[!NOTE] >[!NOTE]
>Updated for Windows 10, version 1903 and Windows 10 Prerelease. >Updated for Windows 10, version 1903 and Windows 10 Insider Preview (19H2, 20H1 builds).
Below schema is for AssignedAccess Configuration up to Windows 10 1803 release. Below schema is for AssignedAccess Configuration up to Windows 10 1803 release.
```xml ```xml
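Review bot: Product naming is only half normalized in this hunk. The note now uses "Windows 10, version 1903", but the very next line still reads "up to Windows 10 1803 release", and the text quoted in the following hunk header ("introduced in Windows 10 1809 release") is unchanged as well. Suggest "Windows 10, version 1803" and "Windows 10, version 1809" there. This note also drops the comma before "and" and ends with a period, unlike the matching note under "Full XML sample"; pick one form for both.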
@ -859,7 +859,7 @@ Here is the schema for new features introduced in Windows 10 1809 release
</xs:schema> </xs:schema>
``` ```
Schema for Windows 10 prerelease Schema for Windows 10 Insider Preview (19H2, 20H1 builds)
```xml ```xml
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<xs:schema <xs:schema
@ -889,7 +889,7 @@ Schema for Windows 10 prerelease
</xs:schema> </xs:schema>
``` ```
To authorize a compatible configuration XML that includes 1809 or prerelease elements and attributes, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. e.g. to configure auto-launch feature which is added in 1809 release, use below sample, notice an alias r1809 is given to the 201810 namespace for 1809 release, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline. To authorize a compatible configuration XML that includes elements and attributes from Windows 10, version 1809 or newer, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. For example, to configure the auto-launch feature which is added in Windows 10, version 1809, use the following sample. Notice an alias r1809 is given to the 201810 namespace for Windows 10, version 1809, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline.
```xml ```xml
<AssignedAccessConfiguration <AssignedAccessConfiguration
xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
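Review bot: "To authorize a compatible configuration XML" in the rewritten paragraph looks like a slip for "To author". The paragraph is about writing the XML with the add-on namespaces and aliases, not about granting permission, and the old wording had the same problem. Worth correcting while the sentence is being rewritten.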

View File

@ -462,7 +462,7 @@ Quick action buttons are locked down in exactly the same way as Settings pages/g
You can specify the quick actions as follows: You can specify the quick actions as follows:
``` syntax ```xml
<Settings> <Settings>
<System name="QuickActions_Launcher_AllSettings" /> <System name="QuickActions_Launcher_AllSettings" />
<System name="QuickActions_Launcher_DeviceDiscovery" /> <System name="QuickActions_Launcher_DeviceDiscovery" />

View File

@ -53,6 +53,7 @@ The XML schema for `LayoutModification.xml` requires the following order for tag
1. TopMFUApps 1. TopMFUApps
1. CustomTaskbarLayoutCollection 1. CustomTaskbarLayoutCollection
1. InkWorkspaceTopApps 1. InkWorkspaceTopApps
1. StartLayoutCollection
Comments are not supported in the `LayoutModification.xml` file. Comments are not supported in the `LayoutModification.xml` file.
@ -66,6 +67,8 @@ Comments are not supported in the `LayoutModification.xml` file.
>- Do not add multiple rows of comments. >- Do not add multiple rows of comments.
The following table lists the supported elements and attributes for the LayoutModification.xml file. The following table lists the supported elements and attributes for the LayoutModification.xml file.
> [!NOTE]
> RequiredStartGroupsCollection and AppendGroup syntax only apply when the Import-StartLayout method is used for building and deploying Windows images.
| Element | Attributes | Description | | Element | Attributes | Description |
| --- | --- | --- | | --- | --- | --- |
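Review bot: The new note lands between "The following table lists the supported elements and attributes" and the table itself, so the lead-in sentence no longer introduces what follows it. Move the note above that sentence or below the table, and keep a blank line between the note block and the table header row so the table cannot be pulled into the note.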

View File

@ -241,7 +241,7 @@ Version identifies the version of the settings location template for administrat
**Hint:** You can save notes about version changes using XML comment tags `<!-- -->`, for example: **Hint:** You can save notes about version changes using XML comment tags `<!-- -->`, for example:
``` syntax ```xml
<!-- <!--
Version History Version History
@ -280,7 +280,7 @@ Author identifies the creator of the settings location template. Two optional ch
Processes contains at least one `<Process>` element, which in turn contains the following child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. The Filename child element is mandatory and the others are optional. A fully populated element contains tags similar to this example: Processes contains at least one `<Process>` element, which in turn contains the following child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. The Filename child element is mandatory and the others are optional. A fully populated element contains tags similar to this example:
``` syntax ```xml
<Process> <Process>
<Filename>MyApplication.exe</Filename> <Filename>MyApplication.exe</Filename>
<Architecture>Win64</Architecture> <Architecture>Win64</Architecture>
@ -355,7 +355,7 @@ UE-V does not support ARM processors in this version.
ProductName is an optional element used to identify a product for administrative purposes or reporting. ProductName differs from Filename in that there are no regular expression restrictions on its value. This allows for more easily understood descriptions of a process where the executable name may not be obvious. For example: ProductName is an optional element used to identify a product for administrative purposes or reporting. ProductName differs from Filename in that there are no regular expression restrictions on its value. This allows for more easily understood descriptions of a process where the executable name may not be obvious. For example:
``` syntax ```xml
<Process> <Process>
<Filename>MyApplication.exe</Filename> <Filename>MyApplication.exe</Filename>
<ProductName>My Application 6.x by Contoso.com</ProductName> <ProductName>My Application 6.x by Contoso.com</ProductName>
@ -375,7 +375,7 @@ FileDescription is an optional tag that allows for an administrative description
For example, in a suited application, it might be useful to provide reminders about the function of two executables (MyApplication.exe and MyApplicationHelper.exe), as shown here: For example, in a suited application, it might be useful to provide reminders about the function of two executables (MyApplication.exe and MyApplicationHelper.exe), as shown here:
``` syntax ```xml
<Processes> <Processes>
<Process> <Process>
@ -409,7 +409,7 @@ The product and file version elements may be left unspecified. Doing so makes th
Product version: 1.0 specified in the UE-V template generator produces the following XML: Product version: 1.0 specified in the UE-V template generator produces the following XML:
``` syntax ```xml
<ProductVersion> <ProductVersion>
<Major Minimum="1" Maximum="1" /> <Major Minimum="1" Maximum="1" />
<Minor Minimum="0" Maximum="0" /> <Minor Minimum="0" Maximum="0" />
@ -420,7 +420,7 @@ Product version: 1.0 specified in the UE-V template generator produces the follo
File version: 5.0.2.1000 specified in the UE-V template generator produces the following XML: File version: 5.0.2.1000 specified in the UE-V template generator produces the following XML:
``` syntax ```xml
<FileVersion> <FileVersion>
<Major Minimum="5" Maximum="5" /> <Major Minimum="5" Maximum="5" />
<Minor Minimum="0" Maximum="0" /> <Minor Minimum="0" Maximum="0" />
@ -433,7 +433,7 @@ File version: 5.0.2.1000 specified in the UE-V template generator produces the f
Only the Minimum attribute is present. Maximum must be included in a range as well. Only the Minimum attribute is present. Maximum must be included in a range as well.
``` syntax ```xml
<ProductVersion> <ProductVersion>
<Major Minimum="2" /> <Major Minimum="2" />
</ProductVersion> </ProductVersion>
@ -443,7 +443,7 @@ Only the Minimum attribute is present. Maximum must be included in a range as we
Only the Minor element is present. Major must be included as well. Only the Minor element is present. Major must be included as well.
``` syntax ```xml
<ProductVersion> <ProductVersion>
<Minor Minimum="0" Maximum="0" /> <Minor Minimum="0" Maximum="0" />
</ProductVersion> </ProductVersion>
@ -463,7 +463,7 @@ Including a FileVersion element for an application allows for more granular fine
The child elements and syntax rules for FileVersion are identical to those of ProductVersion. The child elements and syntax rules for FileVersion are identical to those of ProductVersion.
``` syntax ```xml
<Process> <Process>
<Filename>MSACCESS.EXE</Filename> <Filename>MSACCESS.EXE</Filename>
<Architecture>Win32</Architecture> <Architecture>Win32</Architecture>

View File

@ -26,7 +26,7 @@ As an administrator of User Experience Virtualization (UE-V), you can restore ap
To restore settings when a user adopts a new device, you can put a settings location template in **backup** or **roam (default)** profile using the Set-UevTemplateProfile PowerShell cmdlet. This lets computer settings sync to the new computer, in addition to user settings. Templates assigned to the backup profile are backed up for that device and configured on a per-device basis. To backup settings for a template, use the following cmdlet in Windows PowerShell: To restore settings when a user adopts a new device, you can put a settings location template in **backup** or **roam (default)** profile using the Set-UevTemplateProfile PowerShell cmdlet. This lets computer settings sync to the new computer, in addition to user settings. Templates assigned to the backup profile are backed up for that device and configured on a per-device basis. To backup settings for a template, use the following cmdlet in Windows PowerShell:
``` syntax ```powershell
Set-UevTemplateProfile -ID <TemplateID> -Profile <backup> Set-UevTemplateProfile -ID <TemplateID> -Profile <backup>
``` ```
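Review bot: With the fence now tagged as powershell, `-Profile <backup>` is likely to be copied as typed. The angle brackets mark `backup` as a placeholder, although the paragraph above names it as one of two literal profile values (backup or roam). Suggest `-Profile backup` and keeping only `<TemplateID>` in placeholder form.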
@ -38,7 +38,7 @@ When replacing a users device, UE-V automatically restores settings if the us
You can also use the Windows PowerShell cmdlet, Restore-UevBackup, to restore settings from a different device. To clone the settings packages for the new device, use the following cmdlet in Windows PowerShell: You can also use the Windows PowerShell cmdlet, Restore-UevBackup, to restore settings from a different device. To clone the settings packages for the new device, use the following cmdlet in Windows PowerShell:
``` syntax ```powershell
Restore-UevBackup -ComputerName <Computer name> Restore-UevBackup -ComputerName <Computer name>
``` ```

View File

@ -172,7 +172,7 @@ The UE-V Windows PowerShell features enable you to manage a group of settings te
4. Unregister all the previously registered versions of the templates by typing the following command. 4. Unregister all the previously registered versions of the templates by typing the following command.
``` syntax ```powershell
Unregister-UevTemplate -All Unregister-UevTemplate -All
``` ```
@ -180,7 +180,7 @@ The UE-V Windows PowerShell features enable you to manage a group of settings te
5. Register the updated templates by typing the following command. 5. Register the updated templates by typing the following command.
``` syntax ```powershell
Register-UevTemplate <path to template folder>\*.xml Register-UevTemplate <path to template folder>\*.xml
``` ```
@ -192,7 +192,7 @@ By listing a Windows app in the Windows app list, you specify whether that app i
To display the Package Family Name of installed Windows apps, at a Windows PowerShell command prompt, enter: To display the Package Family Name of installed Windows apps, at a Windows PowerShell command prompt, enter:
``` syntax ```powershell
Get-AppxPackage | Sort-Object PackageFamilyName | Format-Table PackageFamilyName Get-AppxPackage | Sort-Object PackageFamilyName | Format-Table PackageFamilyName
``` ```

View File

@ -131,7 +131,7 @@ You can deploy UE-V settings location template with the following methods:
- **Registering template with PowerShell**. If you use Windows PowerShell to manage computers, run the following Windows PowerShell command as Administrator to register this settings location template: - **Registering template with PowerShell**. If you use Windows PowerShell to manage computers, run the following Windows PowerShell command as Administrator to register this settings location template:
``` syntax ```powershell
Register-UevTemplate -Path <Path_to_Template> Register-UevTemplate -Path <Path_to_Template>
``` ```

View File

@ -19,9 +19,9 @@ Microsoft is dedicated to making its products and services accessible and usable
This topic helps IT administrators learn about built-in accessibility features, and includes a few recommendations for how to support people in your organization who use these features. This topic helps IT administrators learn about built-in accessibility features, and includes a few recommendations for how to support people in your organization who use these features.
## General recommendations ## General recommendations
- **Be aware of Ease of Access settings** Understand how people in your organization might use these settings. Help people in your organization learn how they can customize Windows 10. - **Be aware of Ease of Access settings** Understand how people in your organization might use these settings. Help people in your organization learn how they can customize Windows 10.
- **Do not block settings** Avoid using Group Policy or MDM settings that override Ease of Access settings. - **Do not block settings** Avoid using Group Policy or MDM settings that override Ease of Access settings.
- **Encourage choice** Allow people in your organization to customize their computers based on their needs. That might mean installing an add-on for their browser, or a non-Microsoft assistive technology. - **Encourage choice** Allow people in your organization to customize their computers based on their needs. That might mean installing an add-on for their browser, or a non-Microsoft assistive technology.
## Vision ## Vision

View File

@ -11,7 +11,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium ms.localizationpriority: medium
ms.sitesec: library ms.sitesec: library
ms.pagetype: mdt ms.pagetype: mdt
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.topic: article ms.topic: article
--- ---
@ -48,7 +49,7 @@ When the database is populated, you can use the MDT simulation environment to si
1. On PC0001, log on as **CONTOSO\\MDT\_BA**. 1. On PC0001, log on as **CONTOSO\\MDT\_BA**.
2. Modify the C:\\MDT\\CustomSettings.ini file to look like the following: 2. Modify the C:\\MDT\\CustomSettings.ini file to look like the following:
``` syntax ```
[Settings] [Settings]
Priority=CSettings, CRoles, RApplications, Default Priority=CSettings, CRoles, RApplications, Default
[Default] [Default]
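Review bot: The CustomSettings.ini block loses its language tag entirely here, while the XML and PowerShell blocks in this commit gain one. If the docs build supports it, tag these rule blocks as ini so the section headers and key=value lines are highlighted. The same applies to the other CustomSettings.ini and Bootstrap.ini blocks this commit changes to an untagged fence.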
@ -113,7 +114,7 @@ When the database is populated, you can use the MDT simulation environment to si
3. Using an elevated Windows PowerShell prompt (run as Administrator), run the following commands. Press **Enter** after each command: 3. Using an elevated Windows PowerShell prompt (run as Administrator), run the following commands. Press **Enter** after each command:
``` syntax ``` powershell
Set-Location C:\MDT Set-Location C:\MDT
.\Gather.ps1 .\Gather.ps1
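Review bot: The opening fence in this hunk puts a space between the backticks and powershell, whereas the UE-V files in the same commit write the tag directly after the backticks. Both forms usually render, but using one form across the commit keeps later search-and-replace passes simple. Suggest dropping the space here and in the other MDT topics.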

View File

@ -11,7 +11,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium ms.localizationpriority: medium
ms.sitesec: library ms.sitesec: library
ms.pagetype: mdt ms.pagetype: mdt
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.topic: article ms.topic: article
--- ---
@ -87,7 +88,7 @@ Setting up DFS-R for replication is a quick and straightforward process. You pre
When you have multiple deployment servers sharing the same content, you need to configure the Bootstrap.ini file with information about which server to connect to based on where the client is located. In MDT, that can be done by using the DefaultGateway property. When you have multiple deployment servers sharing the same content, you need to configure the Bootstrap.ini file with information about which server to connect to based on where the client is located. In MDT, that can be done by using the DefaultGateway property.
1. On MDT01, using Notepad, navigate to the **E:\\MDTProduction\\Control** folder and modify the Boostrap.ini file to look like this: 1. On MDT01, using Notepad, navigate to the **E:\\MDTProduction\\Control** folder and modify the Boostrap.ini file to look like this:
``` syntax ```
[Settings] [Settings]
Priority=DefaultGateway, Default Priority=DefaultGateway, Default
[DefaultGateway] [DefaultGateway]
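Review bot: Step 1 in this hunk's context names the file "Boostrap.ini", while the sentence just above it uses Bootstrap.ini. It is an unchanged line, but it sits directly above the fence being edited and is worth fixing in the same pass so readers searching for the file name find this step.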
@ -153,7 +154,7 @@ When you have multiple deployment servers sharing the same content, you need to
2. In the **Advanced** tab, set the quota to **8192 MB**. 2. In the **Advanced** tab, set the quota to **8192 MB**.
In this scenario the size of the deployment share is known, but you might need to change the values for your environment. A good rule of thumb is to get the size of the 16 largest files and make sure they fit in the staging area. Here is a Windows PowerShell example that calculates the size of the 16 largest files in the E:\\MDTProduction deployment share: In this scenario the size of the deployment share is known, but you might need to change the values for your environment. A good rule of thumb is to get the size of the 16 largest files and make sure they fit in the staging area. Here is a Windows PowerShell example that calculates the size of the 16 largest files in the E:\\MDTProduction deployment share:
``` syntax ``` powershell
(Get-ChildItem E:\MDTProduction -Recurse | Sort-Object Length -Descending | Select-Object -First 16 | Measure-Object -Property Length -Sum).Sum /1GB (Get-ChildItem E:\MDTProduction -Recurse | Sort-Object Length -Descending | Select-Object -First 16 | Measure-Object -Property Length -Sum).Sum /1GB
``` ```

View File

@ -11,7 +11,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium ms.localizationpriority: medium
ms.sitesec: library ms.sitesec: library
ms.pagetype: mdt ms.pagetype: mdt
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.topic: article ms.topic: article
--- ---
@ -36,7 +37,7 @@ Before adding the more advanced components like scripts, databases, and web serv
If you have a small test environment, or simply want to assign settings to a very limited number of machines, you can edit the rules to assign settings directly for a given MAC Address. If you have many machines, it makes sense to use the database instead. If you have a small test environment, or simply want to assign settings to a very limited number of machines, you can edit the rules to assign settings directly for a given MAC Address. If you have many machines, it makes sense to use the database instead.
``` syntax ```
[Settings] [Settings]
Priority=MacAddress, Default Priority=MacAddress, Default
[Default] [Default]
@ -51,7 +52,7 @@ In the preceding sample, you set the PC00075 computer name for a machine with a
Another way to assign a computer name is to identify the machine via its serial number. Another way to assign a computer name is to identify the machine via its serial number.
``` syntax ```
[Settings] [Settings]
Priority=SerialNumber, Default Priority=SerialNumber, Default
[Default] [Default]
@ -66,7 +67,7 @@ In this sample, you set the PC00075 computer name for a machine with a serial nu
You also can configure the rules engine to use a known property, like a serial number, to generate a computer name on the fly. You also can configure the rules engine to use a known property, like a serial number, to generate a computer name on the fly.
``` syntax ```
[Settings] [Settings]
Priority=Default Priority=Default
[Default] [Default]
@ -83,7 +84,7 @@ Be careful when using the serial number to assign computer names. A serial numbe
To avoid assigning a computer name longer than 15 characters, you can configure the rules in more detail by adding VBScript functions, as follows: To avoid assigning a computer name longer than 15 characters, you can configure the rules in more detail by adding VBScript functions, as follows:
``` syntax ```
[Settings] [Settings]
Priority=Default Priority=Default
[Default] [Default]
@ -97,7 +98,7 @@ In the preceding sample, you still configure the rules to set the computer name
In the rules, you find built-in properties that use a Windows Management Instrumentation (WMI) query to determine whether the machine you are deploying is a laptop, desktop, or server. In this sample, we assume you want to add laptops to different OUs in Active Directory. Note that ByLaptopType is not a reserved word; rather, it is the name of the section to read. In the rules, you find built-in properties that use a Windows Management Instrumentation (WMI) query to determine whether the machine you are deploying is a laptop, desktop, or server. In this sample, we assume you want to add laptops to different OUs in Active Directory. Note that ByLaptopType is not a reserved word; rather, it is the name of the section to read.
``` syntax ```
[Settings] [Settings]
Priority=ByLaptopType, Default Priority=ByLaptopType, Default
[Default] [Default]

View File

@ -11,7 +11,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium ms.localizationpriority: medium
ms.sitesec: library ms.sitesec: library
ms.pagetype: mdt ms.pagetype: mdt
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.topic: article ms.topic: article
--- ---
@ -23,7 +24,7 @@ In this topic, you will learn how to configure the MDT rules engine to use a Use
You can call a UserExit by referencing the script in your rules. Then you can configure a property to be set to the result of a function of the VBScript. In this example, we have a VBScript named Setname.vbs (provided in the book sample files, in the UserExit folder). You can call a UserExit by referencing the script in your rules. Then you can configure a property to be set to the result of a function of the VBScript. In this example, we have a VBScript named Setname.vbs (provided in the book sample files, in the UserExit folder).
``` syntax ```
[Settings] [Settings]
Priority=Default Priority=Default
[Default] [Default]
@ -38,7 +39,7 @@ The UserExit=Setname.vbs calls the script and then assigns the computer name to
The Setname.vbs script takes the MAC Address passed from the rules. The script then does some string manipulation to add a prefix (PC) and remove the semicolons from the MAC Address. The Setname.vbs script takes the MAC Address passed from the rules. The script then does some string manipulation to add a prefix (PC) and remove the semicolons from the MAC Address.
``` syntax ```
Function UserExit(sType, sWhen, sDetail, bSkip) Function UserExit(sType, sWhen, sDetail, bSkip)
UserExit = Success UserExit = Success
End Function End Function
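Review bot: The Setname.vbs listing is left with an untagged fence; a vbscript tag, if the build supports it, would match the language tagging done elsewhere in this commit. Separately, the sentence above the block says the script removes "semicolons" from the MAC address, while MAC addresses are written with colons; check that wording against the script.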

View File

@ -11,7 +11,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium ms.localizationpriority: medium
ms.sitesec: library ms.sitesec: library
ms.pagetype: mdt ms.pagetype: mdt
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.topic: article ms.topic: article
--- ---
@ -63,7 +64,7 @@ In order to write the reference image back to the deployment share, you need to
1. On MDT01, log on as **CONTOSO\\Administrator**. 1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Modify the NTFS permissions for the **E:\\MDTBuildLab\\Captures** folder by running the following command in an elevated Windows PowerShell prompt: 2. Modify the NTFS permissions for the **E:\\MDTBuildLab\\Captures** folder by running the following command in an elevated Windows PowerShell prompt:
``` syntax ```
icacls E:\MDTBuildLab\Captures /grant '"MDT_BA":(OI)(CI)(M)' icacls E:\MDTBuildLab\Captures /grant '"MDT_BA":(OI)(CI)(M)'
``` ```
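Review bot: The step says the icacls command is run in an elevated Windows PowerShell prompt, and the argument quoting '"MDT_BA":(OI)(CI)(M)' is PowerShell-style, yet this fence is left untagged while the other PowerShell-prompt blocks in the file become powershell. Tag this one the same way so the file is consistent.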
@ -170,7 +171,7 @@ If you need to add many applications, you can take advantage of the PowerShell s
1. On MDT01, log on as **CONTOSO\\Administrator**. 1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Import the snap-in and create the PSDrive by running the following commands in an elevated PowerShell prompt: 2. Import the snap-in and create the PSDrive by running the following commands in an elevated PowerShell prompt:
``` syntax ``` powershell
Import-Module "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1" Import-Module "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1"
New-PSDrive -Name "DS001" -PSProvider MDTProvider -Root "E:\MDTBuildLab" New-PSDrive -Name "DS001" -PSProvider MDTProvider -Root "E:\MDTBuildLab"
``` ```
@ -182,7 +183,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1
2. Create the application by running the following commands in an elevated PowerShell prompt: 2. Create the application by running the following commands in an elevated PowerShell prompt:
``` syntax ``` powershell
$ApplicationName = "Install - Microsoft Visual C++ 2005 SP1 - x86" $ApplicationName = "Install - Microsoft Visual C++ 2005 SP1 - x86"
$CommandLine = "vcredist_x86.exe /Q" $CommandLine = "vcredist_x86.exe /Q"
$ApplicationSourcePath = "E:\Downloads\VC++2005SP1x86" $ApplicationSourcePath = "E:\Downloads\VC++2005SP1x86"
@ -196,7 +197,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1
1. On MDT01, log on as **CONTOSO\\Administrator**. 1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Create the application by running the following commands in an elevated PowerShell prompt: 2. Create the application by running the following commands in an elevated PowerShell prompt:
``` syntax ``` powershell
$ApplicationName = "Install - Microsoft Visual C++ 2005 SP1 - x64" $ApplicationName = "Install - Microsoft Visual C++ 2005 SP1 - x64"
$CommandLine = "vcredist_x64.exe /Q" $CommandLine = "vcredist_x64.exe /Q"
$ApplicationSourcePath = "E:\Downloads\VC++2005SP1x64" $ApplicationSourcePath = "E:\Downloads\VC++2005SP1x64"
@ -210,7 +211,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1
1. On MDT01, log on as **CONTOSO\\Administrator**. 1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Create the application by running the following commands in an elevated PowerShell prompt: 2. Create the application by running the following commands in an elevated PowerShell prompt:
``` syntax ``` powershell
$ApplicationName = "Install - Microsoft Visual C++ 2008 SP1 - x86" $ApplicationName = "Install - Microsoft Visual C++ 2008 SP1 - x86"
$CommandLine = "vcredist_x86.exe /Q" $CommandLine = "vcredist_x86.exe /Q"
$ApplicationSourcePath = "E:\Downloads\VC++2008SP1x86" $ApplicationSourcePath = "E:\Downloads\VC++2008SP1x86"
@ -224,7 +225,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1
1. On MDT01, log on as **CONTOSO\\Administrator**. 1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Create the application by running the following commands in an elevated PowerShell prompt: 2. Create the application by running the following commands in an elevated PowerShell prompt:
``` syntax ``` powershell
$ApplicationName = "Install - Microsoft Visual C++ 2008 SP1 - x64" $ApplicationName = "Install - Microsoft Visual C++ 2008 SP1 - x64"
$CommandLine = "vcredist_x64.exe /Q" $CommandLine = "vcredist_x64.exe /Q"
$ApplicationSourcePath = "E:\Downloads\VC++2008SP1x64" $ApplicationSourcePath = "E:\Downloads\VC++2008SP1x64"
@ -238,7 +239,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1
1. On MDT01, log on as **CONTOSO\\Administrator**. 1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Create the application by running the following commands in an elevated PowerShell prompt: 2. Create the application by running the following commands in an elevated PowerShell prompt:
``` syntax ``` powershell
$ApplicationName = "Install - Microsoft Visual C++ 2010 SP1 - x86" $ApplicationName = "Install - Microsoft Visual C++ 2010 SP1 - x86"
$CommandLine = "vcredist_x86.exe /Q" $CommandLine = "vcredist_x86.exe /Q"
$ApplicationSourcePath = "E:\Downloads\VC++2010SP1x86" $ApplicationSourcePath = "E:\Downloads\VC++2010SP1x86"
@ -252,7 +253,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1
1. On MDT01, log on as **CONTOSO\\Administrator**. 1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Create the application by running the following commands in an elevated PowerShell prompt: 2. Create the application by running the following commands in an elevated PowerShell prompt:
``` syntax ``` powershell
$ApplicationName = "Install - Microsoft Visual C++ 2010 SP1 - x64" $ApplicationName = "Install - Microsoft Visual C++ 2010 SP1 - x64"
$CommandLine = "vcredist_x64.exe /Q" $CommandLine = "vcredist_x64.exe /Q"
$ApplicationSourcePath = "E:\Downloads\VC++2010SP1x64" $ApplicationSourcePath = "E:\Downloads\VC++2010SP1x64"
@ -266,7 +267,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2012 Upda
1. On MDT01, log on as **CONTOSO\\Administrator**. 1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Create the application by running the following commands in an elevated PowerShell prompt: 2. Create the application by running the following commands in an elevated PowerShell prompt:
``` syntax ``` powershell
$ApplicationName = "Install - Microsoft Visual C++ 2012 Update 4 - x86" $ApplicationName = "Install - Microsoft Visual C++ 2012 Update 4 - x86"
$CommandLine = "vcredist_x86.exe /Q" $CommandLine = "vcredist_x86.exe /Q"
$ApplicationSourcePath = "E:\Downloads\VC++2012Ux86" $ApplicationSourcePath = "E:\Downloads\VC++2012Ux86"
@ -280,7 +281,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2012 Upda
1. On MDT01, log on as **CONTOSO\\Administrator**. 1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Create the application by running the following commands in an elevated PowerShell prompt: 2. Create the application by running the following commands in an elevated PowerShell prompt:
``` syntax ``` powershell
$ApplicationName = "Install - Microsoft Visual C++ 2012 Update 4 - x64" $ApplicationName = "Install - Microsoft Visual C++ 2012 Update 4 - x64"
$CommandLine = "vcredist_x64.exe /Q" $CommandLine = "vcredist_x64.exe /Q"
$ApplicationSourcePath = "E:\Downloads\VC++2012Ux64" $ApplicationSourcePath = "E:\Downloads\VC++2012Ux64"
@ -405,7 +406,7 @@ In MDT, there are always two rule files: the CustomSettings.ini file and the Boo
For that reason, add only a minimal set of rules to Bootstrap.ini, such as which deployment server and share to connect to - the DEPLOYROOT value. Put the other rules in CustomSettings.ini because that file is updated immediately when you click OK. By taking the following steps, you will configure the rules for the MDT Build Lab deployment share: For that reason, add only a minimal set of rules to Bootstrap.ini, such as which deployment server and share to connect to - the DEPLOYROOT value. Put the other rules in CustomSettings.ini because that file is updated immediately when you click OK. By taking the following steps, you will configure the rules for the MDT Build Lab deployment share:
1. Using the Deployment Workbench, right-click the **MDT Build Lab deployment share** and select **Properties**. 1. Using the Deployment Workbench, right-click the **MDT Build Lab deployment share** and select **Properties**.
2. Select the **Rules** tab and modify using the following information: 2. Select the **Rules** tab and modify using the following information:
``` syntax ```
[Settings] [Settings]
Priority=Default Priority=Default
[Default] [Default]
@ -444,7 +445,7 @@ For that reason, add only a minimal set of rules to Bootstrap.ini, such as which
3. Click **Edit Bootstrap.ini** and modify using the following information: 3. Click **Edit Bootstrap.ini** and modify using the following information:
``` syntax ```
[Settings] [Settings]
Priority=Default Priority=Default
[Default] [Default]
@ -501,7 +502,7 @@ The CustomSettings.ini file is normally stored on the server, in the Deployment
The Bootstrap.ini file is available via the deployment share's Properties dialog box, or via the E:\\MDTBuildLab\\Control folder on MDT01. The Bootstrap.ini file is available via the deployment share's Properties dialog box, or via the E:\\MDTBuildLab\\Control folder on MDT01.
``` syntax ```
[Settings] [Settings]
Priority=Default Priority=Default
[Default] [Default]
@ -529,7 +530,7 @@ So, what are these settings?
The CustomSettings.ini file, whose content you see on the Rules tab of the deployment share Properties dialog box, contains most of the properties used in the configuration. The CustomSettings.ini file, whose content you see on the Rules tab of the deployment share Properties dialog box, contains most of the properties used in the configuration.
``` syntax ```
[Settings] [Settings]
Priority=Default Priority=Default
[Default] [Default]

View File

@ -11,7 +11,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium ms.localizationpriority: medium
ms.sitesec: library ms.sitesec: library
ms.pagetype: mdt ms.pagetype: mdt
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.topic: article ms.topic: article
--- ---
@ -175,11 +176,13 @@ When you import drivers to the MDT driver repository, MDT creates a single insta
- Surface Pro 3 - Surface Pro 3
The preceding folder names are selected because they match the actual make and model values that MDT reads from the machines during deployment. You can find out the model values for your machines via the following command in Windows PowerShell: The preceding folder names are selected because they match the actual make and model values that MDT reads from the machines during deployment. You can find out the model values for your machines via the following command in Windows PowerShell:
``` syntax
``` powershell
Get-WmiObject -Class:Win32_ComputerSystem Get-WmiObject -Class:Win32_ComputerSystem
``` ```
Or, you can use this command in a normal command prompt: Or, you can use this command in a normal command prompt:
``` syntax
```
wmic csproduct get name wmic csproduct get name
``` ```
@ -312,7 +315,7 @@ In this section, you will learn how to configure the MDT Build Lab deployment sh
2. Right-click the **MDT Production** deployment share and select **Properties**. 2. Right-click the **MDT Production** deployment share and select **Properties**.
3. Select the **Rules** tab and modify using the following information: 3. Select the **Rules** tab and modify using the following information:
``` syntax ```
[Settings] [Settings]
Priority=Default Priority=Default
[Default] [Default]
@ -349,7 +352,7 @@ In this section, you will learn how to configure the MDT Build Lab deployment sh
``` ```
4. Click **Edit Bootstrap.ini** and modify using the following information: 4. Click **Edit Bootstrap.ini** and modify using the following information:
``` syntax ```
[Settings] [Settings]
Priority=Default Priority=Default
[Default] [Default]
@ -393,7 +396,7 @@ The rules for the MDT Production deployment share are somewhat different from th
### The Bootstrap.ini file ### The Bootstrap.ini file
This is the MDT Production Bootstrap.ini without the user credentials (except domain information): This is the MDT Production Bootstrap.ini without the user credentials (except domain information):
``` syntax ```
[Settings] [Settings]
Priority=Default Priority=Default
[Default] [Default]
@ -405,7 +408,7 @@ SkipBDDWelcome=YES
### The CustomSettings.ini file ### The CustomSettings.ini file
This is the CustomSettings.ini file with the new join domain information: This is the CustomSettings.ini file with the new join domain information:
``` syntax ```
[Settings] [Settings]
Priority=Default Priority=Default
[Default] [Default]

View File

@ -11,7 +11,8 @@ ms.prod: w10
ms.localizationpriority: medium ms.localizationpriority: medium
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.topic: article ms.topic: article
--- ---
@ -27,6 +28,9 @@ MDT is a free, supported download from Microsoft that adds approximately 280 enh
As noted above, MDT adds many enhancements to Configuration Manager. While these enhancements are called Zero Touch, that name does not reflect how deployment is conducted. The following sections provide a few samples of the 280 enhancements that MDT adds to Configuration Manager. As noted above, MDT adds many enhancements to Configuration Manager. While these enhancements are called Zero Touch, that name does not reflect how deployment is conducted. The following sections provide a few samples of the 280 enhancements that MDT adds to Configuration Manager.
> [!Note]
> Microsoft Deployment Toolkit requires you to install [Windows PowerShell 2.0 Engine](https://docs.microsoft.com/powershell/scripting/install/installing-the-windows-powershell-2.0-engine) on your server.
### MDT enables dynamic deployment ### MDT enables dynamic deployment
When MDT is integrated with Configuration Manager, the task sequence takes additional instructions from the MDT rules. In its most simple form, these settings are stored in a text file, the CustomSettings.ini file, but you can store the settings in Microsoft SQL Server databases, or have Microsoft Visual Basic Scripting Edition (VBScripts) or web services provide the settings used. When MDT is integrated with Configuration Manager, the task sequence takes additional instructions from the MDT rules. In its most simple form, these settings are stored in a text file, the CustomSettings.ini file, but you can store the settings in Microsoft SQL Server databases, or have Microsoft Visual Basic Scripting Edition (VBScripts) or web services provide the settings used.
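Review bot: The added note says MDT requires the Windows PowerShell 2.0 Engine "on your server" without saying which server is meant or which MDT component depends on it. In a topic about Configuration Manager integration, that could be read as the site server or the MDT server. Name the machine, and because the note asks administrators to enable an older engine, add a clause saying what fails without it so the requirement can be justified in a change review.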

View File

@ -11,7 +11,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium ms.localizationpriority: medium
ms.sitesec: library ms.sitesec: library
ms.pagetype: mdt ms.pagetype: mdt
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.topic: article ms.topic: article
--- ---
@ -100,7 +101,7 @@ By default MDT stores the log files locally on the client. In order to capture a
1. On MDT01, log on as **CONTOSO\\Administrator**. 1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Create and share the **E:\\Logs** folder by running the following commands in an elevated Windows PowerShell prompt: 2. Create and share the **E:\\Logs** folder by running the following commands in an elevated Windows PowerShell prompt:
``` syntax ``` powershell
New-Item -Path E:\Logs -ItemType directory New-Item -Path E:\Logs -ItemType directory
New-SmbShare -Name Logs$ -Path E:\Logs -ChangeAccess EVERYONE New-SmbShare -Name Logs$ -Path E:\Logs -ChangeAccess EVERYONE
icacls E:\Logs /grant '"MDT_BA":(OI)(CI)(M)' icacls E:\Logs /grant '"MDT_BA":(OI)(CI)(M)'
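Review bot: The New-SmbShare line in this block grants Change on Logs$ to EVERYONE, and the step gives no reason for it. The icacls line that follows grants modify to MDT_BA only, so either the share permission should name that account as well, or the step should state why the broader share grant is needed. Now that the block is tagged as PowerShell and easier to copy, this is a good time to settle it.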

View File

@ -11,7 +11,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium ms.localizationpriority: medium
ms.sitesec: library ms.sitesec: library
ms.pagetype: mdt ms.pagetype: mdt
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.topic: article ms.topic: article
--- ---
@ -42,7 +43,7 @@ When preparing for the computer replace, you need to create a folder in which to
1. On MDT01, log on as **CONTOSO\\Administrator**. 1. On MDT01, log on as **CONTOSO\\Administrator**.
2. Create and share the **E:\\MigData** folder by running the following three commands in an elevated Windows PowerShell prompt: 2. Create and share the **E:\\MigData** folder by running the following three commands in an elevated Windows PowerShell prompt:
``` syntax ``` powershell
New-Item -Path E:\MigData -ItemType directory New-Item -Path E:\MigData -ItemType directory
New-SmbShare ?Name MigData$ ?Path E:\MigData New-SmbShare ?Name MigData$ ?Path E:\MigData
-ChangeAccess EVERYONE -ChangeAccess EVERYONE
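Review bot: The New-SmbShare command in this block will not run as written. `New-SmbShare ?Name MigData$ ?Path E:\MigData` has `?` where the parameter dashes should be, and `-ChangeAccess EVERYONE` sits on its own line, so it is not part of that command. Restore `-Name` and `-Path` and join the two lines in the same change that re-tags the fence. While you are there, the EVERYONE grant on a share that holds migration data deserves a sentence of justification or a narrower principal.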

View File

@ -11,7 +11,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium ms.localizationpriority: medium
ms.sitesec: library ms.sitesec: library
ms.pagetype: mdt ms.pagetype: mdt
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.topic: article ms.topic: article
--- ---
@ -136,11 +137,13 @@ cscript.exe SetConfig.vbs SecurityChip Active
``` ```
## <a href="" id="sec03"></a>Configure the Windows 10 task sequence to enable BitLocker ## <a href="" id="sec03"></a>Configure the Windows 10 task sequence to enable BitLocker
When configuring a task sequence to run any BitLocker tool, either directly or using a custom script, it is helpful if you also add some logic to detect whether the BIOS is already configured on the machine. In this task sequence, we are using a sample script (ZTICheckforTPM.wsf) from the Deployment Guys web page to check the status on the TPM chip. You can download this script from the Deployment Guys Blog post, [Check to see if the TPM is enabled](https://go.microsoft.com/fwlink/p/?LinkId=619549). In the following task sequence, we have added five actions: When configuring a task sequence to run any BitLocker tool, either directly or using a custom script, it is helpful if you also add some logic to detect whether the BIOS is already configured on the machine. In the following task sequence, we are using a sample script (ZTICheckforTPM.wsf) from the Deployment Guys web page to check the status on the TPM chip. You can download this script from the Deployment Guys Blog post, [Check to see if the TPM is enabled](https://go.microsoft.com/fwlink/p/?LinkId=619549).
In the following task sequence, we added five actions:
- **Check TPM Status.** Runs the ZTICheckforTPM.wsf script to determine if TPM is enabled. Depending on the status, the script will set the TPMEnabled and TPMActivated properties to either true or false. - **Check TPM Status.** Runs the ZTICheckforTPM.wsf script to determine if TPM is enabled. Depending on the status, the script will set the TPMEnabled and TPMActivated properties to either true or false.
- **Configure BIOS for TPM.** Runs the vendor tools (in this case, HP, Dell, and Lenovo). To ensure this action is run only when necessary, add a condition so the action is run only when the TPM chip is not already activated. Use the properties from the ZTICheckforTPM.wsf. - **Configure BIOS for TPM.** Runs the vendor tools (in this case, HP, Dell, and Lenovo). To ensure this action is run only when necessary, add a condition so the action is run only when the TPM chip is not already activated. Use the properties from the ZTICheckforTPM.wsf.
**Note**   **Note**  
It is common for organizations wrapping these tools in scripts to get additional logging and error handling. It is common for organizations to wrap these tools in scripts to get additional logging and error handling.
- **Restart computer.** Self-explanatory, reboots the computer. - **Restart computer.** Self-explanatory, reboots the computer.
- **Check TPM Status.** Runs the ZTICheckforTPM.wsf script one more time. - **Check TPM Status.** Runs the ZTICheckforTPM.wsf script one more time.
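Review bot: After the split, the phrase "In the following task sequence" opens both the sentence about ZTICheckforTPM.wsf and the new one-line paragraph before the list, so it now appears twice within three sentences. Keep "In this task sequence" in the first sentence, or start the new paragraph with "We added five actions:". The grammar fix in the note ("to wrap these tools") reads well.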

View File

@ -11,7 +11,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium ms.localizationpriority: medium
ms.sitesec: library ms.sitesec: library
ms.pagetype: mdt ms.pagetype: mdt
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.topic: article ms.topic: article
--- ---
@ -39,7 +40,7 @@ For the purposes of this topic, you already will have either downloaded and inst
Figure 6. The C:\\MDT folder with the files added for the simulation environment. Figure 6. The C:\\MDT folder with the files added for the simulation environment.
10. Using an elevated Windows PowerShell prompt (run as Administrator), run the following commands. Press Enter after each command: 10. Using an elevated Windows PowerShell prompt (run as Administrator), run the following commands. Press Enter after each command:
``` syntax ``` powershell
Set-Location C:\MDT Set-Location C:\MDT
.\Gather.ps1 .\Gather.ps1
``` ```

View File

@ -11,7 +11,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium ms.localizationpriority: medium
ms.pagetype: mdt ms.pagetype: mdt
ms.sitesec: library ms.sitesec: library
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.topic: article ms.topic: article
--- ---
@ -92,7 +93,7 @@ Figure 20. The result from the MDT Sample web service.
After verifying the web service using Internet Explorer, you are ready to do the same test in the MDT simulation environment. After verifying the web service using Internet Explorer, you are ready to do the same test in the MDT simulation environment.
1. On PC0001, edit the CustomSettings.ini file in the **C:\\MDT** folder to look like the following: 1. On PC0001, edit the CustomSettings.ini file in the **C:\\MDT** folder to look like the following:
``` syntax ```
[Settings] [Settings]
Priority=Default, GetComputerName Priority=Default, GetComputerName
[Default] [Default]
@ -108,7 +109,7 @@ After verifying the web service using Internet Explorer, you are ready to do the
2. Save the CustomSettings.ini file. 2. Save the CustomSettings.ini file.
3. Using an elevated Windows PowerShell prompt (run as Administrator), run the following commands. Press **Enter** after each command: 3. Using an elevated Windows PowerShell prompt (run as Administrator), run the following commands. Press **Enter** after each command:
``` syntax ```
Set-Location C:\MDT Set-Location C:\MDT
.\Gather.ps1 .\Gather.ps1
``` ```
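Review bot: The fence in step 3 is reduced to a bare fence, although the step says to use an elevated Windows PowerShell prompt and the body is `Set-Location C:\MDT` followed by `.\Gather.ps1`. The same two commands in the simulation-environment topic get the powershell tag in this commit, so tag this one the same way. The CustomSettings.ini block in step 1 is fine left bare.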

View File

@ -10,7 +10,8 @@ ms.prod: w10
ms.localizationpriority: medium ms.localizationpriority: medium
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.topic: article ms.topic: article
--- ---
@ -59,7 +60,7 @@ To support additional server-side logging in Configuration Manager, you create a
2. Type the following commands, pressing **Enter** after each one: 2. Type the following commands, pressing **Enter** after each one:
``` syntax ```
New-Item -Path E:\Logs -ItemType directory New-Item -Path E:\Logs -ItemType directory
New-SmbShare -Name Logs$ -Path E:\Logs -ChangeAccess EVERYONE New-SmbShare -Name Logs$ -Path E:\Logs -ChangeAccess EVERYONE
icacls E:\Logs /grant '"CM_NAA":(OI)(CI)(M)' icacls E:\Logs /grant '"CM_NAA":(OI)(CI)(M)'
@ -74,7 +75,7 @@ This section will show you how to configure the rules (the Windows 10 x64 Settin
2. Using Notepad, edit the CustomSetting.ini file with the following settings: 2. Using Notepad, edit the CustomSetting.ini file with the following settings:
``` syntax ```
[Settings] [Settings]
Priority=Default Priority=Default
Properties=OSDMigrateConfigFiles,OSDMigrateMode Properties=OSDMigrateConfigFiles,OSDMigrateMode

View File

@ -10,7 +10,8 @@ ms.prod: w10
ms.localizationpriority: medium ms.localizationpriority: medium
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.topic: article ms.topic: article
--- ---
@ -90,7 +91,7 @@ In order for the Configuration Manager Join Domain Account (CM\_JD) to join mach
2. In an elevated Windows PowerShell prompt (run as Administrator), run the following commands, pressing **Enter** after each command: 2. In an elevated Windows PowerShell prompt (run as Administrator), run the following commands, pressing **Enter** after each command:
``` syntax ```
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
Set-Location C:\Setup\Scripts Set-Location C:\Setup\Scripts
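Review bot: `Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force` in this block has no `-Scope`, so the change is not limited to the session that runs the script, and `-Force` suppresses the confirmation prompt. Since the step only needs the scripts under C:\Setup\Scripts to run once, consider adding `-Scope Process`, or add a sentence telling the reader that the policy stays changed afterwards. The block is also PowerShell and could carry the powershell tag used elsewhere in this commit.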

View File

@ -4,13 +4,15 @@ description: This topic helps you to deploy Windows To Go in your organization.
ms.assetid: cfe550be-ffbd-42d1-ab4d-80efae49b07f ms.assetid: cfe550be-ffbd-42d1-ab4d-80efae49b07f
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi
ms.audience: itpro author: greg-lindsay ms.audience: itpro
author: greg-lindsay
keywords: deployment, USB, device, BitLocker, workspace, security, data keywords: deployment, USB, device, BitLocker, workspace, security, data
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
ms.pagetype: mobility ms.pagetype: mobility
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.topic: article ms.topic: article
--- ---
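Review bot: After this change the front matter declares `author: greg-lindsay` twice, once after `ms.audience: itpro` near the top and again after `audience: itpro` below `ms.pagetype`. It also carries both `ms.audience` and `audience`. Splitting the fused lines was correct, but a duplicate key in the metadata block is ambiguous for whatever parses it. Keep one `author` line and decide which of the two audience keys this file should use.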
@ -106,7 +108,7 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as
2. In the Windows PowerShell session type the following commands to partition a master boot record (MBR) disk for use with a FAT32 system partition and an NTFS-formatted operating system partition. This disk layout can support computers that use either UEFI or BIOS firmware: 2. In the Windows PowerShell session type the following commands to partition a master boot record (MBR) disk for use with a FAT32 system partition and an NTFS-formatted operating system partition. This disk layout can support computers that use either UEFI or BIOS firmware:
``` syntax ```
# The following command will set $Disk to all USB drives with >20 GB of storage # The following command will set $Disk to all USB drives with >20 GB of storage
$Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and -not $_.IsBoot } $Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and -not $_.IsBoot }
@ -145,7 +147,7 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as
>[!TIP] >[!TIP]
>The index number must be set correctly to a valid Enterprise image in the .WIM file. >The index number must be set correctly to a valid Enterprise image in the .WIM file.
``` syntax ```
#The WIM file must contain a sysprep generalized image. #The WIM file must contain a sysprep generalized image.
dism /apply-image /imagefile:n:\imagefolder\deploymentimages\mywtgimage.wim /index:1 /applydir:W:\ dism /apply-image /imagefile:n:\imagefolder\deploymentimages\mywtgimage.wim /index:1 /applydir:W:\
``` ```
@ -154,14 +156,14 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as
~~~ ~~~
``` syntax ```
W:\Windows\System32\bcdboot W:\Windows /f ALL /s S: W:\Windows\System32\bcdboot W:\Windows /f ALL /s S:
``` ```
~~~ ~~~
5. Apply SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. This is done by creating and saving a **san\_policy.xml** file on the disk. The following example illustrates this step: 5. Apply SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. This is done by creating and saving a **san\_policy.xml** file on the disk. The following example illustrates this step:
``` syntax ```
<?xml version='1.0' encoding='utf-8' standalone='yes'?> <?xml version='1.0' encoding='utf-8' standalone='yes'?>
<unattend xmlns="urn:schemas-microsoft-com:unattend"> <unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="offlineServicing"> <settings pass="offlineServicing">
@ -193,13 +195,13 @@ W:\Windows\System32\bcdboot W:\Windows /f ALL /s S:
6. Place the **san\_policy.xml** file created in the previous step into the root directory of the Windows partition on the Windows To Go drive (W: from the previous examples) and run the following command: 6. Place the **san\_policy.xml** file created in the previous step into the root directory of the Windows partition on the Windows To Go drive (W: from the previous examples) and run the following command:
``` syntax ```
Dism.exe /Image:W:\ /Apply-Unattend:W:\san_policy.xml Dism.exe /Image:W:\ /Apply-Unattend:W:\san_policy.xml
``` ```
7. Create an answer file (unattend.xml) that disables the use of Windows Recovery Environment with Windows To Go. You can use the following code sample to create a new answer file or you can paste it into an existing answer file: 7. Create an answer file (unattend.xml) that disables the use of Windows Recovery Environment with Windows To Go. You can use the following code sample to create a new answer file or you can paste it into an existing answer file:
``` syntax ```
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend"> <unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="oobeSystem"> <settings pass="oobeSystem">
@ -299,7 +301,7 @@ Making sure that Windows To Go workspaces are effective when used off premises i
1. Start the host computer and sign in using a user account with privileges to add workstations to the domain and then run the following command from an elevated command prompt replacing the example placeholder parameters (denoted by &lt;&gt;) with the ones applicable for your environment: 1. Start the host computer and sign in using a user account with privileges to add workstations to the domain and then run the following command from an elevated command prompt replacing the example placeholder parameters (denoted by &lt;&gt;) with the ones applicable for your environment:
``` syntax ```
djoin /provision /domain <exampledomain.com> /machine <examplewindowstogo_workspace_name> /certtemplate <WorkstationAuthentication_template> /policynames <DirectAccess Client Policy: {GUID}> /savefile <C:\example\path\domainmetadatafile> /reuse djoin /provision /domain <exampledomain.com> /machine <examplewindowstogo_workspace_name> /certtemplate <WorkstationAuthentication_template> /policynames <DirectAccess Client Policy: {GUID}> /savefile <C:\example\path\domainmetadatafile> /reuse
``` ```
@ -312,7 +314,7 @@ Making sure that Windows To Go workspaces are effective when used off premises i
4. From the Windows PowerShell command prompt run: 4. From the Windows PowerShell command prompt run:
``` syntax ```
# The following command will set $Disk to all USB drives with >20 GB of storage # The following command will set $Disk to all USB drives with >20 GB of storage
$Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and -not $_.IsBoot } $Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and -not $_.IsBoot }
@ -353,7 +355,7 @@ Making sure that Windows To Go workspaces are effective when used off premises i
>[!TIP] >[!TIP]
>The index number must be set correctly to a valid Enterprise image in the .WIM file. >The index number must be set correctly to a valid Enterprise image in the .WIM file.
``` syntax ```
#The WIM file must contain a sysprep generalized image. #The WIM file must contain a sysprep generalized image.
dism /apply-image /imagefile:n:\imagefolder\deploymentimages\mywtgimage.wim /index:1 /applydir:W:\ dism /apply-image /imagefile:n:\imagefolder\deploymentimages\mywtgimage.wim /index:1 /applydir:W:\
``` ```
@ -361,13 +363,13 @@ dism /apply-image /imagefile:n:\imagefolder\deploymentimages\mywtgimage.wim /ind
6. After those commands have completed, run the following command: 6. After those commands have completed, run the following command:
``` syntax ```
djoin /requestodj /loadfile C:\example\path\domainmetadatafile /windowspath W:\Windows djoin /requestodj /loadfile C:\example\path\domainmetadatafile /windowspath W:\Windows
``` ```
7. Next, we will need to edit the unattend.xml file to configure the first run (OOBE) settings. In this example we are hiding the Microsoft Software License Terms (EULA) page, configuring automatic updates to install important and recommended updates automatically, and identifying this workspace as part of a private office network. You can use other OOBE settings that you have configured for your organization if desired. For more information about the OOBE settings, see [OOBE](https://go.microsoft.com/fwlink/p/?LinkId=619172): 7. Next, we will need to edit the unattend.xml file to configure the first run (OOBE) settings. In this example we are hiding the Microsoft Software License Terms (EULA) page, configuring automatic updates to install important and recommended updates automatically, and identifying this workspace as part of a private office network. You can use other OOBE settings that you have configured for your organization if desired. For more information about the OOBE settings, see [OOBE](https://go.microsoft.com/fwlink/p/?LinkId=619172):
``` syntax ```
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend"> <unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="oobeSystem"> <settings pass="oobeSystem">
@ -460,7 +462,7 @@ BitLocker recovery keys are the keys that can be used to unlock a BitLocker prot
>[!NOTE] >[!NOTE]
>If you used the [manual method for creating a workspace](https://go.microsoft.com/fwlink/p/?LinkId=619174) you should have already provisioned the Windows To Go drive. If so, you can continue on to the next step. >If you used the [manual method for creating a workspace](https://go.microsoft.com/fwlink/p/?LinkId=619174) you should have already provisioned the Windows To Go drive. If so, you can continue on to the next step.
``` syntax ```
# The following command will set $Disk to all USB drives with >20 GB of storage # The following command will set $Disk to all USB drives with >20 GB of storage
$Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and -not $_.IsBoot } $Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and -not $_.IsBoot }
@ -499,20 +501,20 @@ BitLocker recovery keys are the keys that can be used to unlock a BitLocker prot
>[!TIP] >[!TIP]
>The index number must be set correctly to a valid Enterprise image in the .WIM file. >The index number must be set correctly to a valid Enterprise image in the .WIM file.
``` syntax ```
#The WIM file must contain a sysprep generalized image. #The WIM file must contain a sysprep generalized image.
dism /apply-image /imagefile:n:\imagefolder\deploymentimages\mywtgimage.wim /index:1 /applydir:W:\ dism /apply-image /imagefile:n:\imagefolder\deploymentimages\mywtgimage.wim /index:1 /applydir:W:\
``` ```
5. In the same PowerShell session use the following cmdlet to add a recovery key to the drive: 5. In the same PowerShell session use the following cmdlet to add a recovery key to the drive:
``` syntax ```
$BitlockerRecoveryProtector = Add-BitLockerKeyProtector W: -RecoveryPasswordProtector $BitlockerRecoveryProtector = Add-BitLockerKeyProtector W: -RecoveryPasswordProtector
``` ```
6. Next, use the following cmdlets to save the recovery key to a file: 6. Next, use the following cmdlets to save the recovery key to a file:
``` syntax ```
#The BitLocker Recovery key is essential if for some reason you forget the BitLocker password #The BitLocker Recovery key is essential if for some reason you forget the BitLocker password
#This recovery key can also be backed up into Active Directory using manage-bde.exe or the #This recovery key can also be backed up into Active Directory using manage-bde.exe or the
#PowerShell cmdlet Backup-BitLockerKeyProtector. #PowerShell cmdlet Backup-BitLockerKeyProtector.
@ -522,7 +524,7 @@ BitLocker recovery keys are the keys that can be used to unlock a BitLocker prot
7. Then, use the following cmdlets to add the password as a secure string. If you omit the password the cmdlet will prompt you for the password before continuing the operation: 7. Then, use the following cmdlets to add the password as a secure string. If you omit the password the cmdlet will prompt you for the password before continuing the operation:
``` syntax ```
# Create a variable to store the password # Create a variable to store the password
$spwd = ConvertTo-SecureString -String <password> -AsplainText Force $spwd = ConvertTo-SecureString -String <password> -AsplainText Force
Enable-BitLocker W: -PasswordProtector $spwd Enable-BitLocker W: -PasswordProtector $spwd
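Review bot: The ConvertTo-SecureString line ends in `-AsplainText Force`, so `Force` is missing its dash and the command fails when pasted. It should read `-AsPlainText -Force`. The step text already says the cmdlet prompts when the password is omitted. It is worth pointing readers to that path, because the form shown puts the BitLocker password in the typed command as plain text.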
@ -586,7 +588,7 @@ The sample script creates an unattend file that streamlines the deployment proce
3. Configure the PowerShell execution policy. By default PowerShells execution policy is set to Restricted; that means that scripts wont run until you have explicitly given them permission to. To configure PowerShells execution policy to allow the script to run, use the following command from an elevated PowerShell prompt: 3. Configure the PowerShell execution policy. By default PowerShells execution policy is set to Restricted; that means that scripts wont run until you have explicitly given them permission to. To configure PowerShells execution policy to allow the script to run, use the following command from an elevated PowerShell prompt:
``` syntax ```
Set-ExecutionPolicy RemoteSigned Set-ExecutionPolicy RemoteSigned
``` ```
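Review bot: The context line for step 3 has lost its apostrophes: "PowerShells execution policy" appears twice and "scripts wont run" once. Since this hunk already touches the step, restore them ("PowerShell's", "won't") in the same pass. The `Set-ExecutionPolicy RemoteSigned` block under it is PowerShell and could take the powershell tag rather than a bare fence.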
@ -601,7 +603,7 @@ The sample script creates an unattend file that streamlines the deployment proce
#### Windows To Go multiple drive provisioning sample script #### Windows To Go multiple drive provisioning sample script
``` syntax ```
<# <#
.SYNOPSIS .SYNOPSIS
Windows To Go multiple drive provisioning sample script. Windows To Go multiple drive provisioning sample script.
@ -976,7 +978,7 @@ Before provisioning your Windows To Go drive you need to consider if your worksp
In the PowerShell provisioning script, after the image has been applied, you can add the following commands that will correctly set the keyboard settings. The following example uses the Japanese keyboard layout: In the PowerShell provisioning script, after the image has been applied, you can add the following commands that will correctly set the keyboard settings. The following example uses the Japanese keyboard layout:
``` syntax ```
reg load HKLM\WTG-Keyboard ${OSDriveLetter}:\Windows\System32\config\SYSTEM > info.log reg load HKLM\WTG-Keyboard ${OSDriveLetter}:\Windows\System32\config\SYSTEM > info.log
reg add HKLM\WTG-Keyboard\ControlSet001\Services\i8042prt\Parameters /v LayerDriver /d JPN:kbd106dll /t REG_SZ /f reg add HKLM\WTG-Keyboard\ControlSet001\Services\i8042prt\Parameters /v LayerDriver /d JPN:kbd106dll /t REG_SZ /f
reg add HKLM\WTG-Keyboard\ControlSet001\Services\i8042prt\Parameters /v OverrideKeyboardIdentifier /d PCAT_106KEY /t REG_SZ /f reg add HKLM\WTG-Keyboard\ControlSet001\Services\i8042prt\Parameters /v OverrideKeyboardIdentifier /d PCAT_106KEY /t REG_SZ /f

View File

@ -9,7 +9,8 @@ ms.prod: w10
ms.mktglfcycl: plan ms.mktglfcycl: plan
ms.pagetype: appcompat ms.pagetype: appcompat
ms.sitesec: library ms.sitesec: library
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.date: 04/19/2017 ms.date: 04/19/2017
ms.topic: article ms.topic: article
--- ---
@ -128,7 +129,7 @@ In order to meet the two requirements above, we recommend that you use one of th
~~~ ~~~
``` syntax ```
msidbCustomActionTypeVBScript + msidbCustomActionTypeInScript + msidbCustomActionTypeNoImpersonate = 0x0006 + 0x0400 + 0x0800 = 0x0C06 = 3078 decimal) msidbCustomActionTypeVBScript + msidbCustomActionTypeInScript + msidbCustomActionTypeNoImpersonate = 0x0006 + 0x0400 + 0x0800 = 0x0C06 = 3078 decimal)
``` ```
~~~ ~~~
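Review bot: The inner fence loses its `syntax` tag here, but the `~~~` lines around it stay, so the block is still a fence nested inside a fence and the backticks will render literally. Remove the `~~~` wrapper and keep a single fence. The formula line also ends in "3078 decimal)" with a closing parenthesis that has no opening one; either drop it or open it before "0x0C06".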
@ -146,7 +147,7 @@ You must ensure that you call the script at a time when it will receive elevated
The following examples show an installation of a custom compatibility-fix database based on an .msi file. The following examples show an installation of a custom compatibility-fix database based on an .msi file.
``` syntax ```
'InstallSDB.vbs 'InstallSDB.vbs
Function Install Function Install
Dim WshShell Dim WshShell

View File

@ -4,7 +4,8 @@ description: Learn how to manually deploy feature updates
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: greglin ms.author: greglin
ms.date: 07/10/2018 ms.date: 07/10/2018
@ -69,6 +70,7 @@ foreach ($k in $iniSetupConfigKeyValuePair.Keys)
#Write content to file #Write content to file
New-Item $iniFilePath -ItemType File -Value $iniSetupConfigContent -Force New-Item $iniFilePath -ItemType File -Value $iniSetupConfigContent -Force
<#
Disclaimer Disclaimer
Sample scripts are not supported under any Microsoft standard support program or service. The sample scripts is Sample scripts are not supported under any Microsoft standard support program or service. The sample scripts is
provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without
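Review bot: Opening a `<#` block comment after the `New-Item` line keeps the pasted script valid, but the disclaimer still sits inside the code fence and is copied along with the script. Consider moving it out of the fence as ordinary prose under the sample. If it stays, fix the unchanged line "The sample scripts is provided AS IS" (subject and verb disagree), and confirm that the matching `#>` added in the next hunk is the first `#>` sequence after this `<#`.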
@ -78,6 +80,7 @@ Microsoft, its authors, or anyone else involved in the creation, production, or
for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption,
loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample script loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample script
or documentation, even if Microsoft has been advised of the possibility of such damages. or documentation, even if Microsoft has been advised of the possibility of such damages.
#>
``` ```
>[!NOTE] >[!NOTE]

View File

@ -6,7 +6,8 @@ description: You can use Group Policy or your mobile device management (MDM) ser
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: greglin ms.author: greglin
ms.topic: article ms.topic: article
@ -27,8 +28,8 @@ ms.topic: article
You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this topic provide the Group Policy and MDM policies for Windows 10, version 1511 and above. The MDM policies use the OMA-URI setting from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this topic provide the Group Policy and MDM policies for Windows 10, version 1511 and above. The MDM policies use the OMA-URI setting from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
>[!IMPORTANT] > [!IMPORTANT]
>For Windows Update for Business policies to be honored, the diagnostic data level of the device must be set to **1 (Basic)** or higher. If it is set to **0 (Security)**, Windows Update for Business policies will have no effect. For instructions, see [Configure the operating system diagnostic data level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels). > Beginning with Windows 10, version 1903, organizations can use Windows Update for Business policies, regardless of the diagnostic data level chosen. If the diagnostic data level is set to **0 (Security)**, Windows Update for Business policies will still be honored. For instructions, see [Configure the operating system diagnostic data level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels).
Some Windows Update for Business policies are not applicable or behave differently for devices running Windows 10 Mobile Enterprise. Specifically, policies pertaining to Feature Updates will not be applied to Windows 10 Mobile Enterprise. All Windows 10 Mobile updates are recognized as Quality Updates, and can only be deferred or paused using the Quality Update policy settings. Additional information is provided in this topic and in [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md). Some Windows Update for Business policies are not applicable or behave differently for devices running Windows 10 Mobile Enterprise. Specifically, policies pertaining to Feature Updates will not be applied to Windows 10 Mobile Enterprise. All Windows 10 Mobile updates are recognized as Quality Updates, and can only be deferred or paused using the Quality Update policy settings. Additional information is provided in this topic and in [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md).
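Review bot: The rewritten IMPORTANT note drops the guidance for devices older than version 1903, while the paragraph directly above scopes this topic to "Windows 10, version 1511 and above". The removed sentence said policies have no effect at **0 (Security)**; the new one only covers 1903 onward, so a reader managing an earlier release no longer learns that the diagnostic data level matters there. Keep the old requirement, scoped to versions before 1903, and follow it with the new sentence. The closing "For instructions, see ..." link also reads oddly now that the note no longer asks the reader to change anything.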

View File

@ -7,7 +7,8 @@ keywords: oms, operations management suite, wdav, updates, downloads, log analyt
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: greglin ms.author: greglin
ms.collection: M365-modern-desktop ms.collection: M365-modern-desktop
@ -116,7 +117,7 @@ Download mode dictates which download sources clients are allowed to use when do
### Group ID ### Group ID
By default, peer sharing on clients using the group download mode is limited to the same domain in Windows 10, version 1511, and the same domain and AD DS site in Windows 10, version 1607. By using the Group ID setting, you can optionally create a custom group that contains devices that should participate in Delivery Optimization but do not fall within those domain or AD DS site boundaries, including devices in another domain. Using Group ID, you can further restrict the default group (for example, you could create a sub-group representing an office building), or extend the group beyond the domain, allowing devices in multiple domains in your organization to be peers. This setting requires the custom group to be specified as a GUID on each device that participates in the custom group. By default, peer sharing on clients using the group download mode is limited to the same domain in Windows 10, version 1511, and the same domain and Active Directory Domain Services site in Windows 10, version 1607. By using the Group ID setting, you can optionally create a custom group that contains devices that should participate in Delivery Optimization but do not fall within those domain or Active Directory Domain Services site boundaries, including devices in another domain. Using Group ID, you can further restrict the default group (for example, you could create a sub-group representing an office building), or extend the group beyond the domain, allowing devices in multiple domains in your organization to be peers. This setting requires the custom group to be specified as a GUID on each device that participates in the custom group.
[//]: # (SCCM Boundary Group option; GroupID Source policy) [//]: # (SCCM Boundary Group option; GroupID Source policy)

View File

@ -7,7 +7,8 @@ keywords: oms, operations management suite, wdav, updates, downloads, log analyt
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: greglin ms.author: greglin
ms.collection: M365-modern-desktop ms.collection: M365-modern-desktop
@ -116,7 +117,7 @@ For the payloads (optional):
**Does Delivery Optimization use multicast?**: No. It relies on the cloud service for peer discovery, resulting in a list of peers and their IP addresses. Client devices then connect to their peers to obtain download files over TCP/IP. **Does Delivery Optimization use multicast?**: No. It relies on the cloud service for peer discovery, resulting in a list of peers and their IP addresses. Client devices then connect to their peers to obtain download files over TCP/IP.
**How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN?**: Starting in Windows 10, version 1903, Delivery Optimizatio uses LEDBAT to relieve such congestion. For more details see this post on the [Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-Transport-converges-on-two-Congestion-Providers-Cubic/ba-p/339819). **How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN?**: Starting in Windows 10, version 1903, Delivery Optimization uses LEDBAT to relieve such congestion. For more details see this post on the [Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-Transport-converges-on-two-Congestion-Providers-Cubic/ba-p/339819).
## Troubleshooting ## Troubleshooting

View File

@ -5,9 +5,11 @@ keywords: updates, servicing, current, deployment, semi-annual channel, feature,
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.localizationpriority: medium ms.localizationpriority: medium
ms.audience: itpro author: greg-lindsay ms.audience: itpro
author: greg-lindsay
ms.date: 09/24/2018 ms.date: 09/24/2018
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi
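Review bot: Splitting the run-together lines leaves `author: greg-lindsay` in this front matter twice, once after `audience: itpro` and once after `ms.audience: itpro`. Duplicate keys in a YAML mapping are rejected by strict parsers and silently collapsed by others, so delete the second `author:` line. It is also worth deciding whether both `audience` and `ms.audience` are needed. The same duplicate appears in the two later front-matter hunks in this commit that carry `ms.audience`.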
@ -79,13 +81,13 @@ As part of the alignment with Windows 10 and Office 365 ProPlus, we are adopting
>[!IMPORTANT] >[!IMPORTANT]
>With each Semi-Annual Channel release, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion, regardless of the "Targeted" designation. This will enable you to gain access to new features, experiences, and integrated security as soon as possible. For more information, see the blog post [Windows 10 and the "disappearing" SAC-T](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-and-the-disappearing-SAC-T/ba-p/199747). >With each Semi-Annual Channel release, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion, regardless of the "Targeted" designation. This will enable you to gain access to new features, experiences, and integrated security as soon as possible. For more information, see the blog post [Windows 10 and the "disappearing" SAC-T](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-and-the-disappearing-SAC-T/ba-p/199747).
>[!NOTE] > [!NOTE]
>For additional information, see the section about [Servicing Channels](#servicing-channels). >For additional information, see the section about [Servicing Channels](#servicing-channels).
> >
>You can also read the blog post [Waas simplified and aligned](https://blogs.technet.microsoft.com/windowsitpro/2017/07/27/waas-simplified-and-aligned/), with details on this change. >You can also read the blog post [Waas simplified and aligned](https://blogs.technet.microsoft.com/windowsitpro/2017/07/27/waas-simplified-and-aligned/), with details on this change.
>[!IMPORTANT] > [!IMPORTANT]
>Devices on the Semi-Annual Channel (formerly called Current Branch for Business) must have their diagnostic data set to **1 (Basic)** or higher, in order to ensure that the service is performing at the expected quality. If diagnostic data is set to **0**, the device will be treated as if it were in the Semi-Annual Channel (Targeted)(formerly called Current Branch or CB) branch. For instructions to set the diagnostic data level, see [Configure the operating system diagnostic data level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels). > Devices on the Semi-Annual Channel (formerly called Current Branch for Business) must have their diagnostic data set to **1 (Basic)** or higher, in order to ensure that the service is performing at the expected quality. If diagnostic data is set to **0**, the device will be treated as if it were in the Semi-Annual Channel (Targeted)(formerly called Current Branch or CB) branch. For instructions to set the diagnostic data level, see [Configure the operating system diagnostic data level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels).
### Feature updates ### Feature updates
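Review bot: The IMPORTANT note at the end of this hunk only gains a space after `>`, yet its text still says Semi-Annual Channel devices "must have their diagnostic data set to **1 (Basic)** or higher". Elsewhere in this commit the Windows Update for Business note was rewritten to say policies are honored at **0 (Security)** beginning with version 1903, so the two pages now disagree; update this note in the same pass or state which versions it applies to. On formatting, the first NOTE in this hunk changes only its marker line to `> [!NOTE]` and leaves the body lines as `>For additional ...`, and the `>[!IMPORTANT]` block at the top of the hunk is untouched, so the quote style is mixed within one section.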
@ -114,8 +116,8 @@ With that in mind, Windows 10 offers 3 servicing channels. The [Windows Insider
The concept of servicing channels is new, but organizations can use the same management tools they used to manage updates and upgrades in previous versions of Windows. For more information about the servicing tool options for Windows 10 and their capabilities, see [Servicing tools](#servicing-tools). The concept of servicing channels is new, but organizations can use the same management tools they used to manage updates and upgrades in previous versions of Windows. For more information about the servicing tool options for Windows 10 and their capabilities, see [Servicing tools](#servicing-tools).
>[!NOTE] > [!NOTE]
>Servicing channels are not the only way to separate groups of devices when consuming updates. Each channel can contain subsets of devices, which staggers servicing even further. For information about the servicing strategy and ongoing deployment process for Windows 10, including the role of servicing channels, see [Plan servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md). > Servicing channels are not the only way to separate groups of devices when consuming updates. Each channel can contain subsets of devices, which staggers servicing even further. For information about the servicing strategy and ongoing deployment process for Windows 10, including the role of servicing channels, see [Plan servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md).
### Semi-Annual Channel ### Semi-Annual Channel
@ -137,20 +139,20 @@ Organizations are expected to initiate targeted deployment on Semi-Annual Channe
Specialized systems—such as PCs that control medical equipment, point-of-sale systems, and ATMs—often require a longer servicing option because of their purpose. These devices typically perform a single important task and dont need feature updates as frequently as other devices in the organization. Its more important that these devices be kept as stable and secure as possible than up to date with user interface changes. The LTSC servicing model prevents Windows 10 Enterprise LTSB devices from receiving the usual feature updates and provides only quality updates to ensure that device security stays up to date. With this in mind, quality updates are still immediately available to Windows 10 Enterprise LTSB clients, but customers can choose to defer them by using one of the servicing tools mentioned in the section Servicing tools. Specialized systems—such as PCs that control medical equipment, point-of-sale systems, and ATMs—often require a longer servicing option because of their purpose. These devices typically perform a single important task and dont need feature updates as frequently as other devices in the organization. Its more important that these devices be kept as stable and secure as possible than up to date with user interface changes. The LTSC servicing model prevents Windows 10 Enterprise LTSB devices from receiving the usual feature updates and provides only quality updates to ensure that device security stays up to date. With this in mind, quality updates are still immediately available to Windows 10 Enterprise LTSB clients, but customers can choose to defer them by using one of the servicing tools mentioned in the section Servicing tools.
>[!NOTE] > [!NOTE]
>Windows 10 Enterprise LTSB is a separate Long Term Servicing Channel version. > Windows 10 Enterprise LTSB is a separate Long Term Servicing Channel version.
> >
>Long-term Servicing channel is not intended for deployment on most or all the PCs in an organization; it should be used only for special-purpose devices. As a general guideline, a PC with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the Semi-Annual servicing channel. > Long-term Servicing channel is not intended for deployment on most or all the PCs in an organization; it should be used only for special-purpose devices. As a general guideline, a PC with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the Semi-Annual servicing channel.
Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSB. Instead, it typically offers new LTSC releases every 23 years, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle. Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSB. Instead, it typically offers new LTSC releases every 23 years, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle.
>[!NOTE] > [!NOTE]
>Windows 10 LTSB will support the currently released processors and chipsets at the time of release of the LTSB. As future CPU generations are released, support will be created through future Windows 10 LTSB releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products). > Windows 10 LTSB will support the currently released processors and chipsets at the time of release of the LTSB. As future CPU generations are released, support will be created through future Windows 10 LTSB releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products).
The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSB edition. This edition of Windows doesnt include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in Windows 10 Enterprise LTSB edition, even if you install by using sideloading. The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSB edition. This edition of Windows doesnt include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in Windows 10 Enterprise LTSB edition, even if you install by using sideloading.
>[!NOTE] > [!NOTE]
>If an organization has devices currently running Windows 10 Enterprise LTSB that it would like to change to the Semi-Annual Channel, it can make the change without losing user data. Because LTSB is its own SKU, however, an upgrade is required from Windows 10 Enterprise LTSB to Windows 10 Enterprise, which supports the Semi-Annual Channel. > If an organization has devices currently running Windows 10 Enterprise LTSB that it would like to change to the Semi-Annual Channel, it can make the change without losing user data. Because LTSB is its own SKU, however, an upgrade is required from Windows 10 Enterprise LTSB to Windows 10 Enterprise, which supports the Semi-Annual Channel.
### Windows Insider ### Windows Insider
@ -158,10 +160,10 @@ For many IT pros, gaining visibility into feature updates early—before they
Microsoft recommends that all organizations have at least a few PCs enrolled in the Windows Insider Program and provide feedback on any issues they encounter. For information about the Windows Insider Program for Business, go to [Windows Insider Program for Business](waas-windows-insider-for-business.md). Microsoft recommends that all organizations have at least a few PCs enrolled in the Windows Insider Program and provide feedback on any issues they encounter. For information about the Windows Insider Program for Business, go to [Windows Insider Program for Business](waas-windows-insider-for-business.md).
>[!NOTE] > [!NOTE]
>Microsoft recommends that all organizations have at least a few PCs enrolled in the Windows Insider Program, to include the Windows Insider Program in their deployment plans and to provide feedback on any issues they encounter to Microsoft via our Feedback Hub app. > Microsoft recommends that all organizations have at least a few PCs enrolled in the Windows Insider Program, to include the Windows Insider Program in their deployment plans and to provide feedback on any issues they encounter to Microsoft via our Feedback Hub app.
> >
>The Windows Insider Program isnt intended to replace Semi-Annual Channel deployments in an organization. Rather, it provides IT pros and other interested parties with pre-release Windows builds that they can test and ultimately provide feedback on to Microsoft. > The Windows Insider Program isnt intended to replace Semi-Annual Channel deployments in an organization. Rather, it provides IT pros and other interested parties with pre-release Windows builds that they can test and ultimately provide feedback on to Microsoft.
@ -185,8 +187,8 @@ With all these options, which an organization chooses depends on the resources,
| WSUS | Yes | Yes | BranchCache or Delivery Optimization | Upstream/downstream server scalability | | WSUS | Yes | Yes | BranchCache or Delivery Optimization | Upstream/downstream server scalability |
| Configuration Manager | Yes | Yes | BranchCache, Client Peer Cache | Distribution points, multiple deployment options | | Configuration Manager | Yes | Yes | BranchCache, Client Peer Cache | Distribution points, multiple deployment options |
>[!NOTE] > [!NOTE]
>Due to [naming changes](#naming-changes), older terms like CB,CBB and LTSB may still be displayed in some of our products. > Due to [naming changes](#naming-changes), older terms like CB,CBB and LTSB may still be displayed in some of our products.
</br> </br>

View File

@ -7,9 +7,11 @@ keywords: updates, servicing, current, deployment, semi-annual channel, feature,
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.localizationpriority: medium ms.localizationpriority: medium
ms.audience: itpro author: greg-lindsay ms.audience: itpro
author: greg-lindsay
ms.topic: article ms.topic: article
ms.collection: M365-modern-desktop ms.collection: M365-modern-desktop
--- ---
@ -19,7 +21,7 @@ ms.collection: M365-modern-desktop
> >
> **February 15, 2019: This document has been corrected and edited to reflect that security-only updates for legacy OS versions are not cumulative. They were previously identified as cumulative similar to monthly rollups, which is inaccurate.** > **February 15, 2019: This document has been corrected and edited to reflect that security-only updates for legacy OS versions are not cumulative. They were previously identified as cumulative similar to monthly rollups, which is inaccurate.**
Today, many enterprise customers have a mix of modern and legacy client and server operating systems. Managing the servicing and updating differences between those legacy operating systems and Windows 10 versions adds a level of complexity that is not well understood. This can be confusing. With the end of support for legacy [Windows 7 SP1](https://support.microsoft.com/help/4057281/windows-7-support-will-end-on-january-14-2020) and Windows Server 2008 R2 variants on January 14, 2020, System Administrators have a critical need critical to understand how best to leverage a modern workplace to support system updates. Today, many enterprise customers have a mix of modern and legacy client and server operating systems. Managing the servicing and updating differences between those legacy operating systems and Windows 10 versions adds a level of complexity that is not well understood. This can be confusing. With the end of support for legacy [Windows 7 SP1](https://support.microsoft.com/help/4057281/windows-7-support-will-end-on-january-14-2020) and Windows Server 2008 R2 variants on January 14, 2020, System Administrators have a critical need to understand how best to leverage a modern workplace to support system updates.
The following provides an initial overview of how updating client and server differs between the Windows 10-era Operating Systems (such as, Windows 10 version 1709, Windows Server 2016) and legacy operating systems (such as Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2). The following provides an initial overview of how updating client and server differs between the Windows 10-era Operating Systems (such as, Windows 10 version 1709, Windows Server 2016) and legacy operating systems (such as Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2).

View File

@ -4,9 +4,11 @@ description: Additional settings to control the behavior of Windows Update (WU)
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.localizationpriority: medium ms.localizationpriority: medium
ms.audience: itpro author: greg-lindsay ms.audience: itpro
author: greg-lindsay
ms.date: 07/27/2017 ms.date: 07/27/2017
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

View File

@ -78,7 +78,7 @@ To enable data sharing, configure your proxy server to whitelist the following e
>[!NOTE] >[!NOTE]
>Microsoft has a strong commitment to providing the tools and resources that put you in control of your privacy. As a result, Microsoft doesn't collect the following data from devices located in European countries (EEA and Switzerland): >Microsoft has a strong commitment to providing the tools and resources that put you in control of your privacy. As a result, Microsoft doesn't collect the following data from devices located in European countries (EEA and Switzerland):
>- Windows diagnostic data from Windows 8.1 devices >- Windows diagnostic data from Windows 8.1 devices
>- App usage data for Windows 7 devices >- App usage data and [Internet Explorer site discovery](../upgrade/upgrade-readiness-additional-insights#site-discovery) features for Windows 7 devices
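Review bot: The added link target `../upgrade/upgrade-readiness-additional-insights#site-discovery` has no `.md` extension, unlike the other relative links in this commit (for example `waas-mobile-updates.md`). Check that the docs build resolves it, or write it as `../upgrade/upgrade-readiness-additional-insights.md#site-discovery`. The bullet also now reads "App usage data and ... features", which mixes a data category with a feature name under a list of data Microsoft "doesn't collect"; "App usage data and Internet Explorer site discovery data" would match the other bullet.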

View File

@ -9,7 +9,8 @@ ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
ms.pagetype: deploy ms.pagetype: deploy
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article ms.topic: article
--- ---
@ -334,7 +335,7 @@ Each rule name and its associated unique rule identifier are listed with a descr
- For an example, see [Sample registry key](#sample-registry-key). - For an example, see [Sample registry key](#sample-registry-key).
05/17/2019 - SetupDiag v1.4.1.0 is released with 53 rules, as a standalone tool available from the Download Center. 05/17/2019 - SetupDiag v1.4.1.0 is released with 53 rules, as a standalone tool available from the Download Center.
- This release dds the ability to find and diagnose reset and recovery failures (Push Button Reset). - This release adds the ability to find and diagnose reset and recovery failures (Push Button Reset).
12/18/2018 - SetupDiag v1.4.0.0 is released with 53 rules, as a standalone tool available from the Download Center. 12/18/2018 - SetupDiag v1.4.0.0 is released with 53 rules, as a standalone tool available from the Download Center.
- This release includes major improvements in rule processing performance: ~3x faster rule processing performance! - This release includes major improvements in rule processing performance: ~3x faster rule processing performance!

View File

@ -8,7 +8,8 @@ ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
ms.pagetype: deploy ms.pagetype: deploy
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.topic: article ms.topic: article
ms.collection: M365-analytics ms.collection: M365-analytics
--- ---
@ -186,5 +187,5 @@ Error creating or updating registry key: **CommercialId** at **HKLM:\SOFTWARE\Mi
> >
> Then run the Enterprise Config script (RunConfig.bat) again. > Then run the Enterprise Config script (RunConfig.bat) again.
> >
> If the script still fails, then send mail to <strong>uasupport@microsoft.com</strong> including log files from the RunConfig.bat script. These log files are stored on the drive that is specified in the RunConfig.bat file. By default this is set to **%SystemDrive%\UADiagnostics**. The log file is named with the format **UA_yyyy_mm_dd_hh_mm_ss_machineID.txt**. There will be some additional logs generated under your **\<system drive>\Windows\Temp** directory with the names similar to **AslLog_....txt**. You should send those logs as well. > If the script still fails, then contact support@microsoft.com and share the log files from the RunConfig.bat script. These log files are stored on the drive that is specified in the RunConfig.bat file. By default this is set to **%SystemDrive%\UADiagnostics**. The log file is named with the format **UA_yyyy_mm_dd_hh_mm_ss_machineID.txt**. There will be some additional logs generated under your **\<system drive>\Windows\Temp** directory with the names similar to **AslLog_....txt**. You should send those logs as well.
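Review bot: The contact address changes from `uasupport@microsoft.com` to the generic `support@microsoft.com` with no explanation in the visible change; confirm that mailbox exists and is monitored for Upgrade Readiness issues before publishing. The rest of the paragraph still tells the reader to "send those logs as well", and the log file name includes a machine ID, so say explicitly how the logs should be shared (mail attachment, support case) rather than leaving "share the log files" open. The new address also lost the bold formatting the old one had, while the surrounding paths keep theirs.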

View File

@ -9,7 +9,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
ms.localizationpriority: medium ms.localizationpriority: medium
ms.pagetype: mobile ms.pagetype: mobile
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.topic: article ms.topic: article
--- ---
@ -27,7 +28,7 @@ This topic provides a summary of available upgrade paths to Windows 10. You can
> >
> **Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions. > **Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
> >
> In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 semi-annual channel](https://docs.microsoft.com/windows/release-information/) to Windows 10 LTSC is not supported. **Note**: Windows 10 LTSC 2015 did not block this upgrade path. This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). > In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 semi-annual channel](https://docs.microsoft.com/windows/release-information/) to Windows 10 LTSC is not supported. **Note**: Windows 10 LTSC 2015 did not block this upgrade path. This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). You will need to use the Product Key switch if you want to keep your apps. If you don't use the switch the option 'Keep personal files and apps' will be grayed out. The command line would be **setup.exe /pkey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx**, using your relevant Windows 10 SAC product key. For example, if using a KMS, the command line would be **setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43**.
> >
> **Windows N/KN**: Windows "N" and "KN" SKUs (editions without media-related functionality) follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process. > **Windows N/KN**: Windows "N" and "KN" SKUs (editions without media-related functionality) follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process.
> >
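Review bot: the sentences added to the end of the LTSC paragraph put a literal product key in the sample command (`setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43`) without saying which edition it is for or that it is a KMS client setup key rather than the reader's own key. State the edition next to the example, or link to the published list of KMS client setup keys, so the value is not copied for an edition it does not match. The text should also name the switch as `/pkey` where it first says "the Product Key switch", and "if using a KMS" would read better as "if you activate through KMS".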

View File

@ -8,7 +8,8 @@ ms.author: greglin
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.date: 04/19/2017 ms.date: 04/19/2017
ms.topic: article ms.topic: article
--- ---
@ -104,7 +105,7 @@ It is possible to run the ScanState tool while the drive remains encrypted by su
User-group membership is not preserved during offline migrations. You must configure a **&lt;ProfileControl&gt;** section in the Config.xml file to specify the groups that the migrated users should be made members of. The following example places all migrated users into the Users group: User-group membership is not preserved during offline migrations. You must configure a **&lt;ProfileControl&gt;** section in the Config.xml file to specify the groups that the migrated users should be made members of. The following example places all migrated users into the Users group:
``` syntax ``` xml
<Configuration> <Configuration>
<ProfileControl> <ProfileControl>
<localGroups> <localGroups>
@ -242,7 +243,7 @@ Syntax: &lt;failOnMultipleWinDir&gt;1&lt;/failOnMultipleWinDir&gt; or Syntax: &l
The following XML example illustrates some of the elements discussed earlier in this topic. The following XML example illustrates some of the elements discussed earlier in this topic.
``` syntax ``` xml
<offline> <offline>
<winDir> <winDir>
<path>C:\Windows</path> <path>C:\Windows</path>

View File

@ -8,7 +8,8 @@ ms.author: greglin
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
audience: itpro author: greg-lindsay audience: itpro
author: greg-lindsay
ms.date: 04/19/2017 ms.date: 04/19/2017
ms.topic: article ms.topic: article
--- ---
@ -225,7 +226,7 @@ You can use multiple XML files with the ScanState and LoadState tools. Each of t
For example, you can use all of the XML migration file types for a single migration, as in the following example: For example, you can use all of the XML migration file types for a single migration, as in the following example:
``` syntax ```
Scanstate <store> /config:c:\myFolder\config.xml /i:migapps.xml /i:migdocs.xml /i:customrules.xml Scanstate <store> /config:c:\myFolder\config.xml /i:migapps.xml /i:migdocs.xml /i:customrules.xml
``` ```
@ -258,14 +259,14 @@ To generate the XML migration rules file for a source computer:
3. At the command prompt, type: 3. At the command prompt, type:
``` syntax ```
cd /d <USMTpath> cd /d <USMTpath>
scanstate.exe /genmigxml: <filepath.xml> scanstate.exe /genmigxml: <filepath.xml>
``` ```
Where *&lt;USMTpath&gt;* is the location on your source computer where you have saved the USMT files and tools, and *&lt;filepath.xml&gt;* is the full path to a file where you can save the report. For example, type: Where *&lt;USMTpath&gt;* is the location on your source computer where you have saved the USMT files and tools, and *&lt;filepath.xml&gt;* is the full path to a file where you can save the report. For example, type:
``` syntax ```
cd /d c:\USMT cd /d c:\USMT
scanstate.exe /genmigxml:"C:\Documents and Settings\USMT Tester\Desktop\genMig.xml" scanstate.exe /genmigxml:"C:\Documents and Settings\USMT Tester\Desktop\genMig.xml"
``` ```
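Review bot: the usage line in the first block reads `scanstate.exe /genmigxml: <filepath.xml>` with a space after the colon, while the worked example in the second block passes the path immediately after the colon (`/genmigxml:"C:\..."`). Since this hunk already touches both fences, drop the space so the syntax line matches the example. The command fences here also lose their tag entirely while the XML blocks in the same file gain `xml`; tagging the command blocks too would keep the file consistent.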
@ -313,13 +314,13 @@ The MigDocs.xml file calls the **GenerateDocPatterns** function, which takes thr
**Usage:** **Usage:**
``` syntax ```
MigXmlHelper.GenerateDocPatterns ("<ScanProgramFiles>", "<IncludePatterns>", "<SystemDrive>") MigXmlHelper.GenerateDocPatterns ("<ScanProgramFiles>", "<IncludePatterns>", "<SystemDrive>")
``` ```
To create include data patterns for only the system drive: To create include data patterns for only the system drive:
``` syntax ``` xml
<include filter='MigXmlHelper.IgnoreIrrelevantLinks()'> <include filter='MigXmlHelper.IgnoreIrrelevantLinks()'>
<objectSet> <objectSet>
<script>MigXmlHelper.GenerateDocPatterns ("FALSE","TRUE","TRUE")</script> <script>MigXmlHelper.GenerateDocPatterns ("FALSE","TRUE","TRUE")</script>
@ -329,7 +330,7 @@ To create include data patterns for only the system drive:
To create an include rule to gather files for registered extensions from the %PROGRAMFILES% directory: To create an include rule to gather files for registered extensions from the %PROGRAMFILES% directory:
``` syntax ``` xml
<include filter='MigXmlHelper.IgnoreIrrelevantLinks()'> <include filter='MigXmlHelper.IgnoreIrrelevantLinks()'>
<objectSet> <objectSet>
<script>MigXmlHelper.GenerateDocPatterns ("TRUE","TRUE","FALSE")</script> <script>MigXmlHelper.GenerateDocPatterns ("TRUE","TRUE","FALSE")</script>
@ -339,7 +340,7 @@ To create an include rule to gather files for registered extensions from the %PR
To create exclude data patterns: To create exclude data patterns:
``` syntax ``` xml
<exclude filter='MigXmlHelper.IgnoreIrrelevantLinks()'> <exclude filter='MigXmlHelper.IgnoreIrrelevantLinks()'>
<objectSet> <objectSet>
<script>MigXmlHelper.GenerateDocPatterns ("FALSE","FALSE","FALSE")</script> <script>MigXmlHelper.GenerateDocPatterns ("FALSE","FALSE","FALSE")</script>
@ -440,7 +441,7 @@ To exclude the new text document.txt file as well as any .txt files in “new fo
To exclude Rule 1, there needs to be an exact match of the file name. However, for Rule 2, you can create a pattern to exclude files by using the file name extension. To exclude Rule 1, there needs to be an exact match of the file name. However, for Rule 2, you can create a pattern to exclude files by using the file name extension.
``` syntax ``` xml
<exclude> <exclude>
<objectSet> <objectSet>
<pattern type="File">D:\Newfolder\[new text document.txt]</pattern> <pattern type="File">D:\Newfolder\[new text document.txt]</pattern>
@ -453,7 +454,7 @@ To exclude Rule 1, there needs to be an exact match of the file name. However, f
If you do not know the file name or location of the file, but you do know the file name extension, you can use the **GenerateDrivePatterns** function. However, the rule will be less specific than the default include rule generated by the MigDocs.xml file, so it will not have precedence. You must use the &lt;UnconditionalExclude&gt; element to give this rule precedence over the default include rule. For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). If you do not know the file name or location of the file, but you do know the file name extension, you can use the **GenerateDrivePatterns** function. However, the rule will be less specific than the default include rule generated by the MigDocs.xml file, so it will not have precedence. You must use the &lt;UnconditionalExclude&gt; element to give this rule precedence over the default include rule. For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md).
``` syntax ``` xml
<unconditionalExclude> <unconditionalExclude>
<objectSet> <objectSet>
<script>MigXmlHelper.GenerateDrivePatterns ("*[*.txt]", "Fixed")</script> <script>MigXmlHelper.GenerateDrivePatterns ("*[*.txt]", "Fixed")</script>
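Review bot: the context paragraph names the element `<UnconditionalExclude>`, but the sample in this same hunk opens with `<unconditionalExclude>`. XML element names are case-sensitive, so the prose should use the casing the sample uses; the paragraph in the following hunk repeats the capitalized form and needs the same fix.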
@ -465,7 +466,7 @@ If you do not know the file name or location of the file, but you do know the fi
If you want the &lt;UnconditionalExclude&gt; element to apply to both the system and user context, you can create a third component using the **UserandSystem** context. Rules in this component will be run in both contexts. If you want the &lt;UnconditionalExclude&gt; element to apply to both the system and user context, you can create a third component using the **UserandSystem** context. Rules in this component will be run in both contexts.
``` syntax ``` xml
<component type="Documents" context="UserandSystem"> <component type="Documents" context="UserandSystem">
<displayName>MigDocExcludes</displayName> <displayName>MigDocExcludes</displayName>
<role role="Data"> <role role="Data">
@ -490,7 +491,7 @@ The application data directory is the most common location that you would need t
This rule will include .pst files that are located in the default location, but are not linked to Microsoft Outlook. Use the user context to run this rule for each user on the computer. This rule will include .pst files that are located in the default location, but are not linked to Microsoft Outlook. Use the user context to run this rule for each user on the computer.
``` syntax ``` xml
<include filter='MigXmlHelper.IgnoreIrrelevantLinks()'> <include filter='MigXmlHelper.IgnoreIrrelevantLinks()'>
<objectSet> <objectSet>
<pattern type="File">%CSIDL_LOCAL_APPDATA%\Microsoft\Outlook\*[*.pst]</pattern> <pattern type="File">%CSIDL_LOCAL_APPDATA%\Microsoft\Outlook\*[*.pst]</pattern>
@ -502,7 +503,7 @@ This rule will include .pst files that are located in the default location, but
For locations outside the user profile, such as the Program Files folder, you can add the rule to the system context component. For locations outside the user profile, such as the Program Files folder, you can add the rule to the system context component.
``` syntax ``` xml
<include filter='MigXmlHelper.IgnoreIrrelevantLinks()'> <include filter='MigXmlHelper.IgnoreIrrelevantLinks()'>
<objectSet> <objectSet>
<pattern type="File">%CSIDL_PROGRAM_FILES%\*[*.pst]</pattern> <pattern type="File">%CSIDL_PROGRAM_FILES%\*[*.pst]</pattern>

Some files were not shown because too many files have changed in this diff