Merge remote-tracking branch 'refs/remotes/origin/master' into atp-datetime

windows/client-management/mdm/TOC.md

@@ -194,6 +194,7 @@
 #### [DeviceInstallation](policy-csp-deviceinstallation.md)
 #### [DeviceLock](policy-csp-devicelock.md)
 #### [Display](policy-csp-display.md)
+#### [Education](policy-csp-education.md)
 #### [EnterpriseCloudPrint](policy-csp-enterprisecloudprint.md)
 #### [ErrorReporting](policy-csp-errorreporting.md)
 #### [EventLogService](policy-csp-eventlogservice.md)

windows/client-management/mdm/federated-authentication-device-enrollment.md

@@ -129,7 +129,7 @@ The discovery response is in the XML format and includes the following fields:
 -   Authentication policy (AuthPolicy) – Indicates what type of authentication is required. For the MDM server, OnPremise is the supported value, which means that the user will be authenticated when calling the management service URL. This field is mandatory.
 -   In Windows, Federated is added as another supported value. This allows the server to leverage the Web Authentication Broker to perform customized user authentication, and term of usage acceptance.
 
-> **Note**  The HTTP server response must not be chunked; it must be sent as one message.
+> **Note**  The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message.
 
  
 
@@ -297,7 +297,7 @@ After the user is authenticated, the web service retrieves the certificate templ
 
 MS-XCEP supports very flexible enrollment policies using various Complex Types and Attributes. For Windows device, we will first support the minimalKeyLength, the hashAlgorithmOIDReference policies, and the CryptoProviders. The hashAlgorithmOIDReference has related OID and OIDReferenceID and policySchema in the GetPolicesResponse. The policySchema refers to the certificate template version. Version 3 of MS-XCEP supports hashing algorithms.
 
-> **Note**  The HTTP server response must not be chunked; it must be sent as one message.
+> **Note**  The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message.
 
  
 
@@ -482,7 +482,7 @@ The following example shows the enrollment web service request for federated aut
 
 After validating the request, the web service looks up the assigned certificate template for the client, update it if needed, sends the PKCS\#10 requests to the CA, processes the response from the CA, constructs an OMA Client Provisioning XML format, and returns it in the RequestSecurityTokenResponse (RSTR).
 
-> **Note**  The HTTP server response must not be chunked; it must be sent as one message.
+> **Note**  The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message.
 
  
 

windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md

@@ -10,7 +10,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/26/2017
+ms.date: 07/28/2017
 ---
 
 # What's new in MDM enrollment and management
@@ -979,6 +979,9 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <li>Defender/EnableNetworkProtection</li>
 <li>Defender/GuardedFoldersAllowedApplications</li>
 <li>Defender/GuardedFoldersList</li>
+<li>Education/DefaultPrinterName</li>
+<li>Education/PreventAddingNewPrinters</li>
+<li>Education/PrinterNames</li>
 <li>Security/ClearTPMIfNotReady</li>
 <li>Update/ScheduledInstallEveryWeek</li>
 <li>Update/ScheduledInstallFirstWeek</li>
@@ -1300,6 +1303,9 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <td style="vertical-align:top">
 <p>Added the following new policies for Windows 10, version 1709:</p>
 <ul>
+<li>Education/DefaultPrinterName</li>
+<li>Education/PreventAddingNewPrinters</li>
+<li>Education/PrinterNames</li>
 <li>Security/ClearTPMIfNotReady</li>
 <li>WindowsDefenderSecurityCenter/CompanyName</li>
 <li>WindowsDefenderSecurityCenter/DisableAppBrowserUI</li>
@@ -1342,6 +1348,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus</li>
 <li>DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus</li>
 </td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[SurfaceHub CSP](surfacehub-csp.md)</td>
+<td style="vertical-align:top"><p>Changed PasswordRotationPeriod to PasswordRotationEnabled.</p>
+</td></tr>
 </tbody>
 </table>
 

windows/client-management/mdm/policy-configuration-service-provider.md

@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/26/2017
+ms.date: 07/27/2017
 ---
 
 # Policy CSP
@@ -842,6 +842,20 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
+### Education policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-education.md#education-defaultprintername" id="education-defaultprintername">Education/DefaultPrinterName</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-education.md#education-preventaddingnewprinters" id="education-preventaddingnewprinters">Education/PreventAddingNewPrinters</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-education.md#education-printernames" id="education-printernames">Education/PrinterNames</a>
+  </dd>
+</dl>
+
 ### EnterpriseCloudPrint policies
 
 <dl>

windows/client-management/mdm/policy-csp-education.md

@@ -0,0 +1,133 @@
+---
+title: Policy CSP - Education
+description: Policy CSP - Education
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 07/27/2017
+---
+
+# Policy CSP - Education
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Education policies  
+
+<!--StartPolicy-->
+<a href="" id="education-defaultprintername"></a>**Education/DefaultPrinterName**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Added in Windows 10, version 1709. This policy allows IT Admins to set the user's default printer. 
+
+The policy value is expected to be the name (network host name) of an installed printer.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="education-preventaddingnewprinters"></a>**Education/PreventAddingNewPrinters**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Added in Windows 10, version 1709. Allows IT Admins to prevent user installation of additional printers from the printers settings.
+
+The following list shows the supported values:
+
+-   0 (default) – Allow user installation.
+-   1 – Prevent user installation.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="education-printernames"></a>**Education/PrinterNames**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Added in Windows 10, version 1709. Allows IT Admins to automatically provision printers based on their names (network host names).
+
+The policy value is expected to be a ```&#xF000;``` seperated list of printer names.  The OS will attempt to search and install the matching printer driver for each listed printer.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+

windows/client-management/mdm/surfacehub-csp.md

@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/19/2017
+ms.date: 07/28/2017
 ---
 
 # SurfaceHub CSP
@@ -127,7 +127,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
 
 <p style="margin-left: 20px">The data type is char.
 
-<a href="" id="deviceaccount-passwordrotationperiod"></a>**DeviceAccount/PasswordRotationPeriod**  
+<a href="" id="deviceaccount-passwordrotationenabled"></a>**DeviceAccount/PasswordRotationEnabled**  
 <p style="margin-left: 20px">Specifies whether automatic password rotation is enabled. If you enforce a password expiration policy on the device account, use this setting to allow the device to manage its own password by changing it frequently, without requiring you to manually update the account information when the password expires. You can reset the password at any time using Active Directory (or Azure AD).
 
 <p style="margin-left: 20px">Valid values:

windows/client-management/mdm/surfacehub-ddf-file.md

@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/19/2017
+ms.date: 07/28/2017
 ---
 
 # SurfaceHub DDF file
@@ -281,7 +281,7 @@ The XML below is the current version for this CSP.
                 </DFProperties>
             </Node>
             <Node>
-                <NodeName>PasswordRotationPeriod</NodeName>
+                <NodeName>PasswordRotationEnabled</NodeName>
                 <DFProperties>
                     <AccessType>
                         <Get />

windows/configuration/change-history-for-configure-windows-10.md

@@ -21,6 +21,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md)
 | [Customize and export Start layout](customize-and-export-start-layout.md) | Added explanation for tile behavior when the app is not installed |
 | [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md) | Added that Microsoft Edge is not supported for assigned access |
 |[Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md)|Updated several Appraiser events and added Census.Speech. |
+| [Manage connections from Windows operating system components to Microsoft-services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Updated Date & Time and Windows spotlight sections. |
 
 ## June 2017
 

windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.localizationpriority: high
 author: brianlic-msft
 ms.author: brianlic-msft
-ms.date: 06/13/2017
+ms.date: 07/28/2017
 ---
 
 # Manage connections from Windows operating system components to Microsoft services
@@ -296,7 +296,7 @@ After that, configure the following:
 -   Disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Enable Windows NTP Server** > **Windows Time Service** > **Configure Windows NTP Client**
     
     > [!NOTE]  
-    > This is only available on Windows 10, version 1703 and later.
+    > This is only available on Windows 10, version 1703 and later. If you're using Windows 10, version 1607, the Group Policy setting is **Computer Configuration** > **Administrative Templates** > **System** > **Windows Time Service** > ** Time Providers** > **Enable Windows NTP Client**
 
     -or -
 
@@ -1692,10 +1692,6 @@ If you're running Windows 10, version 1607 or later, you only need to enable the
 
     -or-
 
--   Create a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent!DisableWindowsSpotlightFeatures**, with a value of 1 (one).
-
-	-and-
-
 -   Create a new REG\_DWORD registry setting in **HKEY\_CURRENT\_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent!DisableWindowsSpotlightFeatures**, with a value of 1 (one).
 
 If you're not running Windows 10, version 1607 or later, you can use the other options in this section.